10 years at Amsys

Hi all.darren wallace

As I sit here, at a hotel in the Cotswolds (another ‘stay away’ consultancy project), drinking a locally brewed Ale (Stroud Brewery’s Budding Pale Ale, should you ask) I find myself contemplating spending almost ten years of my life at Amsys. Come the 4th July 2015, I’ll hit that milestone.

In case you’ve not guessed, this is another slightly different blog to my usual.

I still find it amazing that I found a junior Apple Hardware Engineer posting in the local paper, and through sheer laziness (OK and possibly some ability), I’m still here now at the same place (and based in the same location) ten years later, using my hard learnt knowledge to provide services to assist our customers, both large and small.

During this journey, I’ve had the opportunity to travel the UK and Europe, and meet plenty of friendly and interesting fellow geeks / users, as well as been provided with additional training and experiences I honestly think I’d struggle to find elsewhere.

Stand out memories include:

  • Attending many Christmas parties, as organised by the excellent Cheryl.
  • Working with my partner in crime, Mark, on managing the workshops.
  • Finally obtaining my ACSA (10.6) with the help of our training team.
  • Working with the Amsys Plymouth team for a solid 2 months.
  • Hearing stories back from blog readers whom have used the Munki blogs I’ve written to get a leg up in their own environments.
  • Attending the Mac meet ups (organised by our own Charley and James.
  • Attending the Mac Admin meet ups (organised by Ben and Graham.
  • Completing my first 500+ Mac project…and my second…third etc!
  • Also attending the CCE course and meeting the excellent Rob from JAMF Software, amongst others!
  • Getting to know there is a larger, international Mac community full of helpful and friendly people (who know their Ales!)
  • And too many more to list!

I’d like to take this opportunity to thank my direct boss (and if memory serves, the guy who actually interviewed me), David Acland and the MD of Amsys (who hosted my second interview) Alex Hawes, for all the opportunities and faith they’ve put in me, as well as all the incentives they have given me to progress myself professionally.

The future?

Ah, looking forward. I’m currently still working with our consultancy team, delivering projects across the country (and continent!) – but you already knew that! We’ve also got some other cool things in motion that I hope we can share with you very shortly. Watch this space!

iMac (27-inch) 3TB Hard Drive Replacement Program

Are you aware that Apple has determined that a small number of 3TB hard drives used in 27-inch iMac systems may fail under certain conditions? The devices affected were sold between December 2012 and September 2013.imac rep

Apple are contacting customers who may be affected, but you can also check your eligibility for a replacement by entering your serial number on Apple’s website here.

If your device is eligible for the 3TB hard drive replacement, then Amsys can help you.

You can either:

  1. Fill in the form below or email support@amsys.co.uk with your details so that we can call you back and organise a collection at your earliest convenience
  2. Call us on 020 8660 9999 to book your device into our workshop, our opening times are 08:30 to 18:00 Monday to Friday.

Before your iMac comes into our workshop, it is essential that you back up your data. If you are unable to finish a backup or wish Amsys to attempt a data transfer to your new hard drive, this is a chargeable service of £60. Please see our T&Cs here regarding data.

If you have any questions or are unable to access the Apple site to check your serial number, please contact our friendly Call Control team who will be able to help you. Email support@amsys.co.uk or call 0208 660 9999 or fill in the form below.

  • Please describe the symptoms

  • This field is for validation purposes and should be left unchanged.

When is it OK to stop using the word “Digital”?

iphone 6

Earlier in the year I met with a friend of mine from digital transformation experts Adapt2digital. I was greatly impressed with what they were doing, even though I was slightly baffled.

I completed a Digital Engagement Map (DEM), which is a piece of software they have created to assess digital competence, readiness and identify actions and initiatives for the transformation of your business. It was very enlightening. I must confess when we first met, the concept I struggled with most was the meaning of the word ‘digital’. I suspect I am not alone.

At the ‘Accelerating Growth In A Digital Age’ conference at the IOD earlier this month, I made the connection. The first speaker challenged businesses to think about the difference they are making to their clients’ lives and how they differentiate themselves from their competitors. One solution lies in using resources more effectively.

Those resources are people, and those people must stop operating in silos and collaborate. We then heard about the development and adoption rates of technology, how it will pervade or lives, the emergence of social media, changes in online search, how data analysis is the key, etc. After an hour-long discussion of Twitter by ‘young entrepreneurs,’ I wasn’t convinced that Twitter was the answer.mac and iphone

When we talk about ‘digital’ we are encouraged to think about all of the platforms, technologies, tools as if they alone deliver benefit; If we put all these elements in place then we will have a digital business and we will thrive.

Oldies fear them, and we are told to hire a 19-year-old because ‘they get it’. That is way too simple and completely misses the point of what ‘Digital Transformation’ is all about, at least in my mind. It focuses on the ‘what’ and not the ‘why’, the features and not the benefits.

‘Digital’ is about joining the dots; about making connections that make sense and make a difference to your business. To do that you need to think deeply about what you are trying to achieve and determine your goal at its highest level.

How does your business need to change (transform) to be more competitive and to make a difference to the lives of your customers or clients and to thrive?

Once that’s established, you can determine what tasks and projects will leverage the right tools and technologies to achieve those goals. These days those are likely to be digital tools, cloud-based platforms, etc.

At the sharp end, it is probably about enabling your customers to buy in the way they choose, not the way you determine. In the middle, you need to enable your people to gain a greater understanding of business, opportunities, relationships and work together to streamline those processes with whatever tools make sense.

At the back end, you need to remove waste and automate repetitive tasks. Through all of this you should analyse the data streams that give you insights into what’s happening in your business and customers lives, and then feed that into the business to speed up decision-making and the sales process. Simples!

It’s a monumental task for some businesses, but the road to success lies in the adoption of an agile methodology. An agile mindset makes small changes quickly, improves them, then moves on to the next change, and so on. I’m very much of the opinion that 80% on time is better than 100% late. It’s important to take action, make a change, test and adjust and repeat, always keeping the goal in mind.

Finally Dave Coplin, Microsoft’s Chief Envisioning Officer, challenged the audience to consider where performance and productivity gains will come from, being of the opinion that we are now unable to squeeze more from the current set of tools and technologies.

He asked: “when is it OK to stop using the word ‘Digital’?

This week, I shall be mostly using the word “Connected”.


El Capitan: System Integrity Protection

Over the years, Apple has added some great security layers to OS X to help make using a Mac more secure. These have included FileVault, App Sandboxing and Gatekeeper.

In El Capitan, Apple are adding a new layer of security called System Integrity Protection. This new layer of security is designed to protect the integrity of the system itself.

As with all traditional Unix systems, the root account is all empowering. It can practically do anything it wants including removing or replacing key system files.

With Mac systems, a typical setup would be a single user who is also an admin on that computer, which means you are one step away from granting someone root access to the system.

How many times are you prompted for your password when an App wants to make a change or perform an install? Most users just blindly enter their password. Once the password is entered, that app would not have too much trouble getting root access to the system and thus could perform any untold amount of damage.

This is where System Integrity Protection comes into play. In a nutshell, it prevents key system directories from being modified even by the root account. This is why this feature is sometimes known as “Root Less”. So even if a process was granted root access, it could not modify or delete certain directories within key parts of the file system.

So as an example, the following directories would be protected. /System, /bin, /usr.

This command would now fail in El Capitan:  sudo touch /usr/test

For most users, they will not be aware that this service is in play. Apple code is exempt so installations from the Mac App Store or system updates would not be affected.

For some more advanced users, this potentially could cause some issues.

As an example, if you install homebrew services or have custom bespoke services installed, then potentially they could live in /usr, which is now out of bounds in El Capitan. Therefore, when you upgrade to El Capitan, a migration will be performed, moving these items to directories that are allowed, which could break some solutions.

In the case of the /usr directory, /usr/local is still allowed for this sort of circumstance.

This feature can be disabled by booting to the Recovery OS and running a new Security Configuration utility to disable it. Beware that this actually sets a parameter in NVRAM, so it’s persistent between OS’s on that box.

security config el capitan

Overall though, this is a nice addition to OS X.



Installing, configuring & automating OS X Yosemite seminar

Hello, Mac World!

I thought it was about time that I let everyone know about a new venture we have recently started in bringing 1-day seminars to the Mac community.

This week, I delivered our second successful OS X Yosemite Deployment Seminar, a day dedicated to discussing and solving Deployment solutions for OS X Yosemite.

The Amsys OS X Yosemite Deployment Seminar is all about creating awareness of current Deployment solutions and discussing real-world Deployment scenarios.

Attendees share their experiences and get involved in leader-led problem solving along with hands-on labs trying out different deployment scenarios and solutions.

Throughout the day, we look into Apple’s solutions along with lots of third party tools in either demos, discussion points and exercises. These sessions provide valuable real-world context, looking at the tools that complement OS X’s built-in installation and deployment software.

installing configuring and automating osx

During the 1-day deployment seminar, we discuss the following topics:

  • Deployment Planning: The day starts with an overview of what planning is required to develop a strategy for a successful deployment.
  • Deploying Individual Apps: Deployment can often involve just single App deployment. This chapter looks into various ways to download, purchase and deploy OS X Applications.
  • Installation Packages: How Apple’s installer technology works for software distribution, including how to create custom installation packages using GUI tools and the command line. The open-source project Munki is also overviewed here.
  • Creating Entire System Images: Learn how to create full system images for a complete deployment of OS X Yosemite.
  • Deploying System Images: Managing and deploying Network System Images.
  • Post Imaging Deployment Considerations and System Maintenance: In this chapter we will discuss the various techniques available to apply post-installation configuration such as enrolling in an MDM solution for management and configuration. Learn how to keep your OS X clients updated via the Apple Software Update sever or the Caching Service. Additionally, a range of features available through Apple Remote Desktop are discussed.
  • Deploying Macs with DeployStudio: Finally, we take a look at the DeployStudio deployment package for additional Deployment features. DeployStudio has become the main third-party network deployment tool for OS X. Learn how to configure pre and post imaging scripts to perform common tasks such as naming computers, binding to Active Directory and configuring other computer-specific settings.

It’s a great day for Mac Admins or any tech needing to know how to streamline the process of installing and configuring a large number of devices running OS X. From developing a comprehensive and stable Mac Deployment strategy, through understanding installer packages, looking into how the Mac App Store works, ownership and downloading Apps, discovering management with an MDM (Mobile Device Management) solution, you learn all about item deployment.

We then turn to System Deployment and discover how to use a range of Apple tools along with the leading third party tools that aid OS X deployment. Post deployment is also covered with techniques to automate settings and configuration including OS X Command Line configuration and file system manipulation.

If you are interested in attending a future Deployment Seminar please fill in the form below or email training@amsys.co.uk.

  • This field is for validation purposes and should be left unchanged.

New Management Features for iOS 9 and OS X 10.11

This week was a very exciting time in the Apple Community following all the announcements at WWDC, including iOS 9, OS X 10.11 (El Capitan) and watchOS.

One of the interesting aspects are the new management features for iOS 9 and OS X 10.11 that will be released soon, some of which I have summarised below.

Device Enrolment Program
For devices enrolled into Apple’s Device Enrolment Program some interesting new features are being added.

  • Enrolment Optimisation: This new option keeps the device in the setup assistant until all profiles have been installed by your MDM Server. The setup assistant can then be released. This is supported on  iOS 9 and OS X 10.11. This is a great way to make sure the device is completely setup before the user can create an account and log in.
  • Account Creation: For OS X 10.11 you will be able to prevent the creation of local accounts,  so only allowing  network accounts to be used.
  • Set Passcode Policy: For OS X 10.11 you will be able to specify password policies for any new account that are created.
  • Via MDM, Your MDM Server will be able to create a standard user account for your user to login with.
  • Via MDM, Your MDM Server will be able to create an optional hidden admin account.
  • Automated Enrolment: For iOS 9 you will be able to automatically enrol the device with no user involvement via the new Apple Configurator 2. Apple Configurator 2 will be able to query your MDM for the correct URLS and apply them to the devices attached.
  • VPP  Managed Distribution - Multinational App Assignment. You will be able to  purchase an App via VPP. Then distribute it to any country that either has or has not got VPP. The only criteria is that the app you are purchasing must be available in the iTunes store in that country. This is a great feature for multi national companies.
  • VPP  Assign to devices. You will be able to assign any VPP app to a device. This is a big and often requested feature. This means no Apple id is required. The app gets assigned to the device itself. Great for shared device scenarios. The MDM can then control the installation and update these apps without user intervention. Apple will provide a way to migrate existing VPP apps from user assignment to device assignment.
  • Caching Server -Will be able to cache iCloud Drive Docs, Cloudkit data, iCloud Photo library, on-demand app resources. All data will be encrypted with the keys available only to the device the data belongs to.
  • iOS 9 and OS X - MDM Servers will be able to force clients to update both apps and the OS. You can also perform a staged download so you can install the update on all devices at the same time.
  • Config Profiles - Network Usage Rules – Managed apps can be restricted to which network they can use, cell data or roam.
  • Restrictions  –  There are a bunch of new restrictions that you will be able to deploy including: Don’t Trust new enterprise apps authors, Treat Airdrop as an un-managed  destination, Automatic app downloads, iCloud photo library and keyboard shortcuts.
  • Restrictions  –  You will be able to prevent users from  modifying the device name, passcode and wallpaper.
  • Restrictions  –  Restrict the pairing with Apple Watch.
Apple Configurator 2

If you can, I suggest you download the beta for Apple Configurator 2. It’s shaping up to be a great update. It’s had a massive make over. I would also recommend that you check out this talk at WWDC, which features some fantastic demos.

All in all – we have some great stuff to look forward to.

IPV6 – What you need to know

Remember your server’s internal IPv4 address How about FE80::1 or even 2001:ACAD:DB8:A::1/64?

Don’t panic. It’s not that bad! Let me explain.

The so familiar IPv4 addresses like will be around for a very long time be we start seeing these FE80::290:2BFF:FE23:4381 along with them.

This is an automatically assigned IPv6 address. It is not routable and will only be used to connect devices on the local network. The good thing about it is that the device generated it itself and the network administrator did not have to worry about it – as it is unique. I will try to cover the basics in this very short post without making it too difficult to read.

IPv6 Addresses

At its core, IPv6 addresses are represented in binary just like IPv4. The difference is that IPv4 addresses are 32 binary digits long while IPv6 addresses are 128 binary digits long.

IPv4 address in binary


IPv6 address in binary


This allows for so many addresses, that theoretically, as Steve Leibson wrote, “So we could assign an IPV6 address to EVERY ATOM ON THE SURFACE OF THE EARTH, and still have enough addresses left to do another 100+ earths. It isn’t remotely likely that we’ll run out of IPV6 addresses at any time in the future”

However, this transition, I think, is likely to take a few decades and Dual Stack network may never disappear. A Dual Stack network is one that allows hosts on the network to have an IPv4 and IPv6 address.

Here is a table showing the structure of an IPv6 address

128 bits

3 bits

13 bits

8 bits

24 bits

16 bits

64 bits

Identify the type of addressing Top-level aggregation identifier (TLA ID) used to identify the device responsible for addressing at the highest level Reserved for TLA expansion Next-level aggregation identifier (NLA ID) that identifies ISPs Site-level aggregation identifier (SLA ID) used by local network management The interface ID is host portion of the address and is used to identify network interfaces on individual devices

Public topology

Site topology

Interface identifier

Let’s look at the type of IPv6 communication types one by one.

  • Unicast - IPv6 communication that uniquely identifies a network interface on a device
  • Multicast - Used to send packets to multiple destinations
  • Anycast - Communication type that targets all devices with the same address but only the closest destination will process the data

Unicast addresses are further broken down into several types and here are those most relevant to that blog

  • Global Unicast - There are globally unique addresses that are visible on the Internet
  • Link-local - These are addresses that are only required for hosts on the same network to communicate. Therefore, they only must be unique on that network. Packets sent with such addresses cannot be transferred over to another network
  • Unique Local - These are defined to allow devices from different sites to communicate between each other without allowing the addresses to leak on the Internet. Therefore, these are not routable IP addresses and do not provide end-to-end Internet connectivity

Lets briefly look at the IPv6 benefits

  1. More efficient routing - routing tables can be kept relatively small because of the way the IPv6 addresses are aggregated. This results in faster routing because the router finds the next hop in less time
  2. Smaller headers without checksum - the header of IPv6 packets does not need to have the IPv4 checksum area because other layers also perform error checking like TCP in Layer 4 for example
  3. End to end connectivity - due to the large number of available IPv6 addresses, NAT in its most basic functionality is not needed any more. This allows end-to-end connectivity, which in turn allows other services that previously experienced problems due to NAT
  4. No broadcast - only unicast, multicast and anycast traffic exist in IPv6. The broadcast traffic has been excluded from the design of the protocol, which removes the possibility of broadcast storms
  5. Better security - the main security mechanism built into IPv6 is IPsec, implemented using the AH authentication header and the ESP extension header which allows for easier IPSec implementation
  6. Simplified network device configuration - devices can configure their IPv6 address themselves using the advertised by the router prefix and the EUI-64 address generation process. The 48 bit MAC address of the interface card is split into two parts, in the middle FF:FE is inserted to expand the address to 64 bits and the 7th most significant bit of the EUI-64 is inverted to represent 1

I hope this has been informative for you and managed to clear some of the mystery around the IPv6 addressing


T216, The Open University, http://www.open.ac.uk, 2014
Network Computing, http://www.networkcomputing.com, 2011

We’re hiring!

We’re looking for a senior Apple technician to join the team.  The role involves designing and implementing technical solutions for our clients in London, across the UK and occasionally further afield.

If you are looking for a challenge and to push your technical skills to a new level, this fast-paced, and diverse role will certainly deliver. This role requires an ability to adapt quickly to new environments and to constantly develop your capabilities with emerging technologies.

We pride ourselves on our technical skills, but also our ability to engage with colleagues and clients, listening to their needs and translating the requests into innovative and robust technical solutions.

As the team includes a mix of all technical levels, part of your role will be as a mentor.  You will be expected to help develop the junior members of the team so they can take on more responsibility.

Some of our goals and beliefs

  • Everything we do should help the customer do what they want to do bigger, better, faster or more efficiently
  • We constantly share knowledge and ideas with the rest of the team
  • We’re always willing to help out, even if it’s not one of our day to day responsibilities, whether that be covering the service desk, or getting some new Macs imaged onsite
  • We put the team, the company’s and customers needs ahead of our own

Day to day activities

  • It’s a little tricky to describe a typical day as you will be working for lots of different setups of different sizes and shapes, but some of the most common duties will be:
  • Visiting clients sites, looking at their IT setups, listening to their needs and designing solutions for them
  • Collaborating with the Amsys account managers as they work towards implementing solutions
  • Working with other technicians in the team to implement the solutions
  • Working with the Amsys service desk to ensure they are equipped to support the solutions once implemented
  • Contributing to the Amsys online presence by writing blogs and technical white papers
  • Desired attributes
  • Excellent interpersonal skills
  • A positive ‘solution oriented’ attitude
  • Self sufficient, able to solve technical, logistical and administrative issues unaided
  • A team player, always willing to contribute towards the team goals
  • A real passion for learning about new technologies and an ability to make use of them in real world situations


The technologies we’re working with are constantly changing.  It’s worth stating that we rate attitude and an ability to learn new technologies above what you know today.  That aside, some of the technologies we are working with are:

  • Meraki (networking hardware & MDM)
  • Casper
  • Munki
  • DeployStudio
  • SonicWall
  • Everything Apple
  • Microsoft Windows Server and clients
  • Other MDMs including Airwatch, Profile Manager and a few others

If you’re looking for your next challenge and this sounds like the job for you then apply today.  Email your CV to consultant@amsys.co.uk.


1 year on with Swift

2nd June 2014, changed the world of iOS and OS X development – forever.

wwdc announces swift

This time last year iOS developers across the globe had no idea that in a few days Apple would launch a brand new programming language called Swift at their Worldwide Developer Conference. We were streaming the WWDC keynote live in London when Apple announced the arrival of Swift. I remember looking over at Richard, our Head of App Dev and creator of Amsys iOS Development training, with his jaw on the floor.

That same evening, Apple released the full documentation for developers to pore over and learn the Swift Syntax!


Why did Apple create Swift?

Apple had been working on Swift for around 4 years prior to its launch. Back then, iPhones and iPads were surging in popularity with consumers; meanwhile enterprises were quickly following suit.

However, the demand for iOS developers was fast outstripping supply. So Apple embarked on a mission to create “a new language that lets everyone build amazing apps.”

“Because the people who are crazy enough to think they can change the world, are the ones who do.”

Apple intended to remove the association that programming is hard to learn and the remit of a select few. To do this, Apple needed to move away from Objective-C.

Even though Objective-C had “served Apple incredibly well” over the previous 2 decades – it relied heavily on C. Consequently, there were a number of limitations, which meant the language couldn’t change or evolve as quickly Apple would have liked.

Objective-C also has a rather verbose syntax, quite different from other mainstream languages, which can put some developers off from learning it. To bring Swift into the mainstream, Apple borrowed ideas from a number of languages including Objective-C, Rust, Haskell, Ruby, Python and C#.


How did the developer community react?

Change, in all its forms, is usually met with some resistance. When Apple released Final Cut X, the reaction was “bitter and emotional.” Therefore, it was no surprise that feedback from the developer community was mixed. Although there were many brimming with positivity and excitement.

Indeed, existing developers of non-Apple languages who disliked Objective-C’s syntax were even inspired to start learning Swift.

“As a C# developer, I can read and understand the code without any issues. That’s a good thing for Apple. I’m sure Objective-C is great but it’s too foreign for me and didn’t want to toy with it for fun, not worth the effort. But I can write an app or two with this one.”

Within days… a Swift version of the hit app “Flappy Bird” was released on Github – validating Apple’s claim that Swift is easy to learn language. Then, in October 2014, LinkedIn announced that they had developed their first iOS app only using Swift.

“We began working in Objective-C for two weeks, and then when WWDC came around, we heard about the new language and decided to go all in on Swift and start from scratch.”

adoption of swift

Unprecedented demand & adoption

By January 2015, Swift was predicted to become one of the top 20 languages by Q3 in the ranking guide released by analyst firm, RedMonk. A feat that took Google’s Go – 5 years to achieve. What’s more – a survey released in Feb 2015 revealed that a massive 20% of developers had already started to use Swift.

Swift has also given birth to a new community of developers – new and existing, populated with members eager to learn and to get a foot on the development ladder. Today there are 92 Swift meet up groups with a total 23,000 members, across 68 cities in 27 countries, each providing monthly talks and workshops.

Within weeks of WWDC 2014, various free and paid for resources popped up across the web to help more people learn how to code. Here at Amsys we also jumped at the chance to create a range of Swift training courses and exams, the 1st of which was launched last Summer, and subsequently grown in popularity ever since.

Not Just a Flash in the Pan

As Swift’s stability and adoption rate grows, more and more enterprises and their in-house developers will start to accept Swift as a commercially viable language.


So… what does it take to develop apps using Swift?

Because of its history, Objective-C has a lot of legacy that involves using many [ ] and @ symbols, which does not make it the most readable language. Swift does away with all this.

Swift is much more readable, borrowing heavily from languages such as Rust, Haskell and Python. Swift code is much easier to maintain, requires less housekeeping than Objective-C.

Swift is is also safer to use, hiding pointers and forcing developers to declare the type of data being used within the app. Swift also requires less code and produces faster code than Objective-C.

To develop in Swift, you obviously need an understanding of the language.

From our experience, Swift is easier to pick up than other languages, and if you come from another language you will certainly find it very familiar. Once you get into the iOS or OS X frameworks, the building blocks of any app, you will notice they are identical in functionality, they just differ in their syntax.

If you’re coming from Objective-C to Swift, you should feel right at home.

The future…

WWDC 2015 will certainly bring us up to date to with Swift. Apple has not rested on their laurels this last year They have delivered a number of updates to the language as well as their developer tools. Only Apple knows what will be announced, but the developer community cannot wait.

Active Directory & Home Folders Session at Penn State Mac Admin Conference

For anyone attending the Penn State Mac Admins conference this year, I’ll be speaking about integrating OS X with Active Directory and options for providing network home folders on Thursday 9th July at 3.15.  Location and specifics, along with a full session line-up is available here.

More details about my session can be found here.

Should be a great event this year.  I’ll look forward to seeing you there.

psu mac admins 2014

The dreaded D word – Documentation (Part 2)

I’m back with part 2 of my thoughts and experiences on technical Documentation. This time, I’ll be looking the types of documentation, and a few tips I’ve picked up.


The first point you will likely find is that there are many types of documentation. 


Procedural is probably the first method of documentation most people create and is always the easiest. It can form the basis of more detailed documentation or the first step on automating / scripting a solution.

It’s typically formed of pure and simple step by step of tasks done, and commands run, for example:

  1. Install Server.app from the MAS.
  2. Configure user accounts.
  3. Configure file shares.
  4. Configure access groups.

This is how I wrote my first internal Munki documentation.

Note: This is not fully detailed and possibly not suitable for handing over to a less experienced engineer or to provide handover training. This would, however, possibly be suitable for engineers at your level or higher.


Verbose documentation is probably the second type of documentation you’ll progress to. It typically comes from the procedural documentation and, as you can imagine, will detail the exact buttons clicked, and commands run. For example:

  1. Login into the local administrator account (“username” and “password”).
  2. Click the Apple logo in the top left corner, then “App Store…”
  3. Click in the search box (top right) and search for “OS X Server”.


This was what I converted my Munki documentation to for our internal usage and formed the basis of the blogs I’ve posted.

Note: This is now fully featured and suitable to be given to a junior staff member in very specific scenarios. However, as it does not explain in detail why each task is performed, it isn’t great for knowledge transfer or to help the engineer to adapt should the scenario not fit the documentation.


Descriptive documentation typically forgoes the use of fully detailed instructions, to instead concentrate on detailing the reasoning behind the tasks. It typically assumes either:

  • The reader has some knowledge of the tasks.
  • The reader has no interest on how to complete the tasks but more the reasoning.

Note: This type of documentation typically isn’t suitable for junior staff members as they may not have the necessary knowledge to fill in the blanks. However, this will typically be fine for Managers and Supervisors (tweaked to the appropriate audience).


This type of documentation is a mix of options, typically Verbose and Descriptive. This will likely explain the reasons behind a certain group of actions, or in some cases explain the reasons behind every action (although this is possibly overloading the reader).

A great example of this kind of documentation can be found on Rich Trouton’s blog, for example this article here.

Note: This documentation would typically provide good documentation to hand over to multiple members of your team, including juniors and to assist with knowledge transfer.

General Tips

Speaking of knowledge sharing, here’s the tips I’ve come across whilst having to write documentation. Some are from experience, and some I’ve been taught from others.

Don’t be afraid to use Graphics!

Just because your document is desired for other engineers doesn’t mean it needs to be pure text. Some people are more visual learners and can understand a diagram better / quicker than a block of text. Other items might take pages to explain in text, or one page of a nice diagram.

For diagrams I typically use OmniGraffle, although one of my colleagues has created some great ones with Keynote.

If your documentation is a guide to doing a task, chuck in some screenshots and images. Preview on OS X Yosemite includes ‘Markup’ so annotating these screenshots can be quick and simple. This also allows the reader to spot any changes from the documentation and what’s in front of them easier and quicker and alert you to any potential changes (maybe an OS X update changes the options on a dialog box, for example).

Don’t forget tables! If you’re writing lots of related information (such as an application list with version numbers), you are often better including it in a table rather than a list of bullet points and tabs.

If in doubt, include it.

Although typically this will cause you to write longer documentation, it’s a good mantra to use. If you are unsure if you should include a piece of information, then you need to include it! Worst case, it’ll ensure your documentation is thorough. Best case, it’ll contain the vital piece of information required for a rebuild.

If it’s confusing, spend more time explaining it.

Pretty self explanatory and also links back into using graphics. If it’s complex or confusing, dedicate more time to it. Use graphics and diagrams. Possibly even go so far as to split the information off into it’s own section or even it’s own documentation!

Layouts / flow.

Ensure the document is clean and reads well (and makes sense!). Try to keep related items together and not spread throughout the document. When documenting a full solution for a client, I will tend to use the following template document sections:

  • Introduction
    • Brief summary of the project (1 paragraph)
    • Overview of the entire solution (1-2 pages)
  • Server Configuration (typically subdivided between areas, e.g. “Mac Server Configuration”, “Casper Server Configuration”)
    • Installed Hardware (Serial number, specs, warranty)
    • Storage configuration (the arrangement of any storage, RAID, partitions, names, what each is used to store).
    • Backup Configuration
    • Services Configuration (arrange by Apple and non-Apple first, then alphabetically, each service in it’s own sub-section)
  • Client Configuration
    • Installed Hardware (Serial numbers, specs, warranty)
    • Groupings (such as per room and / or department)
    • Management settings
    • Printing configuration
    • User experience (at login, use and logout)
  • Appendices
    • Full password list
    • License codes
    • Online accounts (such as Apple IDs)
    • Deployment crib sheet (verbose still documentation to assist with redeploying client devices)


This is an important one. Have someone else review your documentation. If it’s instructions (such as a deployment crib sheet) have them run through the steps. This will test that the documentation makes sense and is actually correct. I’ve often found that I’ve skipped over a mistake I’ve made as I’ve unconsciously knew what I meant but it wasn’t what I typed. Often, the reviewer can also have better ways to explain an item that you hadn’t thought of.


This one can be done with a Wiki or manually using version numbers, but I’d always recommend keeping archives of older versions of documentation, as well as the current ones. This allows you to ‘roll back’ any areas that you’ve changed your mind on, as well as refer back to them to confirm the dates a change was made.


That’s it (for now at least)! We will now return to your regular scheduled technical blogs : )

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Further Reading

Most of this blog is from my own experiences but I can’t lay claim to it all. If you’re looking for further advice or reading around the subject of documentation and time management in general, I’d highly recommend reading:

“Time Management for System Administrators” by Thomas A. Limoncelli

Mac Meetup Presents: WWDC 2015 Live Stream London

wwdc live stream london

Apple has confirmed that their annual WWDC event will kick off on the 8th of June. We’ll be hosting a WWDC event by streaming the keynote live on a big screen at our centre in Soho. So if you’re looking for a place to watch the keynote in London with friends and colleagues then register online today.

We will also be laying on a feast of both pizza, beer and soft drinks, plus ample time to network with London’s Apple IT community to discuss what Apple has unveiled.

Tickets are free, but are limited, so registration to guarantee your place is essential.

Event Details:
Location: London
Date: 8th June 2015
Time: 17:45 – 21:00

Confirm Your Ticket For June’s Event

Once you have filled in the form below you will receive your ticket confirmation.

iBeacons for IT and Device Management

I’ve been testing out iBeacons to add new IT capability since JAMF Software added support in Casper 9.5.  After a bumpy start, now we’re up to 9.7+ things are working well.  This blog describes the setup I’m using and some of the functionality that is available.

Support for iBeacons was originally introduced in iOS 7, which has been around for a while now.  Although the core technology is just low-energy Bluetooth, the potential applications are quite broad.

Initially, support for the technology was being written into mobile apps.  Use cases included retail and events as a way to display content to users as they moved within range of a Beacon.

The interesting twist came when JAMF Software added support for iBeacons into the Casper Suite to deploy configuration profiles and trigger policies.  This new functionality has opened up the technology to IT administrators, as we are able to trigger events based on devices entering or leaving iBeacon regions.

A bit of technical information about iBeacons

Just to start off with, I thought it would be worth summarising some of the key technologies I’ll be mentioning in this article.  If you are already familiar with iBeacons, BLE, UUIDs, Majors, Minors and ranges, then you can jump straight to the next section.

iBeacon - This is a technology produced by Apple that enables iPhones & Macs (and Android) to perform actions when in close proximity to an iBeacon.  They are essentially a “trigger” that tells the device to “do something”, consisting of the user device (Mac or iOS) and a small Bluetooth transmitter.  Moving within range of the Bluetooth beacon triggers the event.  What that event is depends on what the app developer has programmed into the code.

Bluetooth Low Energy - Bluetooth Low Energy or BLE is, as you may have guessed, a form of Bluetooth that has greatly reduced power consumption compared to traditional bluetooth devices.  BLE devices are much cheaper to produce, making technologies like iBeacons possible.

UUIDs, Majors & Minors

Although easily mixed up with other technologies, in this case these are iBeacon specific terms:

  • UUID - This is a 128-bit value that is used as an identifier for all of your beacons
  • Major – This is a random number that is used to group your beacons together
  • Minor – This is a unique number, used to identify a specific beacon

So as the administrator you set these yourself, just make sure you understand the difference between UUIDs, Majors and Minors to avoid issues further down the line.

Regions & Ranging - iBeacons have quite accurate measurement capabilities with regards to how far away a device is.  This is determined by the signal strength so as you can imagine, can be skewed by objects in the way, such as walls or other people.

Beacon regions have three options:

  • Immediate (within 5-6 inches)
  • Near (within 2-3 meters)
  • Far (within 10 or so meters)

What can you do with iBeacons and Casper?

So now we’ve got all of that stuff out of the way, let’s get into working with an iBeacon and Casper.  We’re going to look at two features, specifically triggering policies and deploying configuration profiles.  You might think “is that all I can do?” but you need to keep in mind that with these two options you can do almost anything you like.

Getting your JSS setup with a Beacon

Add your iBeacons to the JSS - There are two key things you need to do to get going.  The first is to add your iBeacon to Settings > Network Organisation > iBeacons.  There is a decent guide from Two Canoes here as more of a step by step.

Configure the JSS to monitor iBeacon Regions - In the case of Mac OS X management, the second step is to enable iBeacon region monitoring in Settings > Computer Management > Computer Inventory Collection > Monitor iBeacon Regions:

computer inventory collection


Triggering a Casper policy with an iBeacon

So now that’s set up, let’s get a policy created that can be triggered by an iBeacon.

First off, go to policies and create a new policy.  The policy can do anything you like, although for the sake of demonstration, I would suggest something simple and visible, like adding an icon to the Dock.

For the trigger, select “Custom” and enter “beaconStateChange” as the value.  Using this value will cause this policy to be run whenever a Mac moves within an iBeacon.

Lastly, we need to ensure the policy only runs when the Mac is in range of the iBeacons you have chosen.  In the policy options, click on Scope > Limitations, click “Add” and select your new iBeacon.  Make sure that you have also included your test Macs into the scope, otherwise the policy won’t run!

Now you just need to save the policy settings and test.  Move a Mac (that is in scope) within range of the iBeacon and watch the magic.  When I have tested this there is a short delay (around 20-30 seconds) so be patient.  If you are not sure if anything is happening, open up the /var/log/jamf.log file to see what is going on.

Here’s a snippet from my jamf.log that shows when my Mac entered my Beacon region and triggered a policy:

Fri Apr 24 16:28:18 Daves-Mac jamf[1309]: Entered iBeacon Region 1
Fri Apr 24 16:28:19 Daves-Mac jamf[51798]: Checking for policies triggered by "beaconStateChange"...
Fri Apr 24 16:28:22 Daves-Mac jamf[51798]: Executing Policy iBeacon Mac Test...

(In case you wondered, my test policy in the above example is called “iBeacon Mac Test”).

Running a policy if a device leaves an iBeacon region

There might be some scenarios when you want to trigger a policy if a device leaves an iBeacon region.  I’ve tested this a little by using exclusions instead of limitations.  In theory it is possible, so a device is sitting in range of the beacon and the policy is being blocked.  If the device is moved out of range of the beacon, a state change will be triggered and as the exclusion no longer applies, the policy will run.

I’ve tested this a few ways.  Firstly by simply moving out of range of a beacon.  Sure enough, beaconStateChange kicked in, saw I was no longer being excluded by the particular beacon and the policy ran.  Although this worked fine, I couldn’t imagine all users keeping their laptops open as they move away from the beacon so I also tested it by closing the lid to put my MacBook to sleep, moving away from the beacon and waking it up again.  The beaconStateChange kicked in again and all worked as it should.

This could prove useful if you have a set of devices that should always be in a particular location.  If they are not in that location you could trigger policies or push config profiles to lock, track or disable the device.

Configuration Profiles

These will work in in similar way to policies, although they are also available for iOS devices.  All you need to do is create a configuration profile, scope it to the target devices (Mac and/or iOS) and add the relevant iBeacon limitation.

In Casper 9.5, lots of people tested web clips first to see what the behaviour was like.  This uncovered a bug that was specific to iBeacons and deploying web clips as part of a configuration profile.  I have since tested this in v9.7 and it worked fine on my iOS device (running 8.3 (12F70) in case you wondered).

Use Cases

So hopefully this has given you a bit of an idea for what you can do with iBeacons and Casper.  As this is a new piece of technology, I’ve had lots of thoughts pop into my head on how to make use of it.


The possibilities are endless here, but I will point out (probably stating the obvious) that you need to use some caution.  Don’t start off deploying the Adobe Creative Suite as your first test.  Remember that we’re dealing with Bluetooth, which has been known to have its moments of instability over the years, and bear in mind that what might work in a controlled test with a couple of devices, might fall apart when you’re dealing with a full classroom of student devices or a packed meeting room.

From my perspective, I would consider using iBeacon triggers for the following policies:

  • Deploying very small apps - I’m talking under 50MB at this stage, but there could be some cases where you want to deploy a small app or plugin if a device goes into a specific room.
  • Dock icons - Always useful and in my testing, using the standard Casper Dock icon options I could add items nice and easily.
  • Printers – This is a more obvious one, as they are so often based on geographical location, but you can of course deploy printers based on a device entering an iBeacon region
  • Running scripts or commands – As with the other examples, triggering scripts will have its uses

Configuration Profiles

These are a bit more limited compared to policies, but have the benefit of including iOS devices.  Some of the options I like the look of are:

  • iOS Webclips - Nice and easy to deploy with no user interaction.
  • Airplay password - If you had a password protected Apple TV, you could punch a config profile that includes the code to devices that have entered the iBeacon region.  This would help reduce the risk that someone connects to the wrong one if you have a few of them
  • Restrictions – Possibly for an “exam mode” setup, a set of restrictions could be applied while devices are in range of the specified iBeacon
  • Single App Mode - Following the “exam mode” theme of restrictions, you could lock iOS devices into a specific app if they enter a particular iBeacon region
  • WiFi – If you have different WiFi networks or SSIDs, you could have the necessary config profile deploy at a building entrance.  I could see this being useful for international offices to reduce the use of data roaming.

Interested in learning more about iBeacons and how you can implement this technology within your IT network? Call Amsys today on 0208 660 9999 or email support@amsys.co.uk.

My Apple Watch experience (Part 1)

daryl's apple watchLike many people, I was unsure of the amount of use I would find for the new Apple Watch beyond being able to tell the time (very accurately though might I add).

After some to and fro, I decided that it had an  logo on it so like all the products it was going to make my life better by having it.

My experience began with the preorder, April 11th came and while in London and without a prearranged appointment I decided to go to the Apple Store with my fiancé to at least take a look at them.

I was very much unsure which size I would like either the 38mm or the 42mm (mainly due to having pretty slim wrists).

I got to the Watch Display desk, and an Apple Genius asked if I had an appointment and if not would I like one. 10 Minutes later I was being shown both models and having my 15-minute appointment. My 15 minutes turned out to be 5 minutes when I quickly decided that I was sold on a 42mm Watch Sport.

The order even in-store is done online and estimated dispatch even on day 2 of preorder was straight to June. Now for me this was a Birthday Present and therefore I was hoping it would arrive for the big day (May 10th).

April 23rd and I was very excited to read that dispatches were being released and to my surprise mine was along with them. Not anywhere near the June dispatch date, but I wasn’t going to complain.

Now for the dilemma, the watch arrives on the 24th April yet my birthday was not until May 10th. Luckily I was allowed a day pass to use the Watch. Being the usual earlier adopter at Amsys I couldn’t be the only one to have an Watch delivered and then tell everyone that it had to stay in the box.

It arrived and with much excitement began to unbox. My first surprise was the weight of the box itself; it weighed about the same as the 11” MacBook Air. I fought my way through the packaging that we all come to expect from Apple is well thought out and just adds to the overall experience, it was finally in my hand!

apple sports watch amsys

I continued to open the box also to discover the smaller Sports Watch Strap, Magnetic Charging Cable and the redesigned Power Adapter.

apple watch components

The pairing was easy to do with my iPhone, and it is immediately ready to use after that. The straps are easy to change, and The Watch Sport strap is very comfortable. You may find a little awkward to get on at first as it needs to be pretty tight to work more accurately at picking up your heart beat.

I used a few of the apps, sent some texts and took a phone call – all these features seemed to work well. I wish that at this stage I could give you some more insight into the day to day workings of the Watch but unfortunately I have had to return it to my fiancé for safe keeping until my birthday comes around. Yes, she does wear the trousers in our relationship.

After a week of day to day usage, I will blog again with my findings, and hopefully they will help you decide on a future purchase!

How to use the Emoji Skin Tones in OS X & iOS

Apple recently released its OS X v10.10.3 and iOS v8.3 updates. Amongst the large list of bug fixes and improvements came “a redesigned Emoji keyboard with over 300 new characters”! Not just that, but there are now various skin tones and hair colours available for most of the ‘people’ Emojis. So, now you don’t have to just send someone a ‘Simpsons-esque yellow person’ anymore.

These new skin tones and hair colours are mainly for the Emoji people emoticons of just a face, as opposed to the Emojis of an entire person’s body, a group or family of people or the standard ‘Smiley face’ Emojis.

For the ones that have the extra skin tones, you’ll be offered along with the default yellow skin tone, 5 new ones ranging from light skin to dark skin.

So, how can you access these? I’ll show you how to access these in both OS X v10.10.3 and in iOS v8.3.

Firstly, how to access the new Emoji Skin Tones in OS X Yosemite v10.10.3:

1) Open an app that supports Emoji character entry, (for my demo I will be using TextEdit).

2) Access the Emoji character list as normal for that application.

For TextEdit, I have selected Emoji and Symbols from the Edit menu:

using the emoji skin tones

3) The first thing to notice about the Emoji and Symbols is the redesigned Emoji keyboard:

emoji ios keyboard

As well as the separate categories at the bottom that you can click on to quickly go to the ‘PEOPLE’ or ‘NATURE’ Emojis for example, you can now directly scroll through the entire list of Emojis in one go.

4) Right, on to accessing these new skin tones.

Click and hold on an Emoji PEOPLE icon and a pop up window should appear offering you the 6 skin tones for that Emoji.

(Remember that only some of the people icons have different skin tones available):

people emojis

As you can see from the screenshot above, by clicking and holding on the police officer emoji, as well as the original yellow skin tone option, there are 5 new light skin to dark skin options.

5) Once you have selected the Emoji skin tone of your choice, this will not only be entered as a character in your document or text message, this skin tone will also now be the new default skin tone for that particular Emoji character in the future:

default skin tone emoji

Notice above that the dark skin Police officer is now my default skin tone for the police officer Emoji once I had chosen that skin tone to use.

NOTE: For those of you using the nice new MacBook and MacBook Pros with Force Touch trackpads, you can perform a secondary, harder tap to access the skin tone modifier window.

Remember, not all the Emjois in the PEOPLE category have these alternative skin tones. This may be added in a future release though so keep an eye out.

For now, emojis like the ‘Family’ and ‘Group’ ones still only have the yellow tone.

So, let’s now see how to access the new Emoji Skin Tones in iOS v8.3:

1) Open an app that supports Emoji character entry, (for my demo I will be using Messages).

2) Access the Emoji character list as normal for that application.

For Messages I have selected the :) smiley face icon from the keyboard:

using the emoji skin tones ios

Again, notice the redesigned Emoji keyboard.

3) Tap and hold on an Emoji PEOPLE icon and a pop up window should appear offering you the 6 skin tones for that Emoji.

(Remember that only some of the people icons have different skin tones):

emoji ios device keyboard

You may also notice that when you first enter the emoji keyboard, iOS informs you of this new skin tone feature:

emoji skin tone message

Remember, Mac users will need to have updated to OS X v10.10.3 (or later) to access the new Emoji keyboard and skin tones. iOS users will need to update to iOS v8.3 (or later).

Worth noting:

If you send someone a message with one of these new emojis, they will need OS X v10.10.3 or iOS v8.3 on their device to see this new icon. Otherwise they will receive a message like the one below:

message update ios 8 emojis

Notice the ‘alien’ icon after the default ‘Older man’ emoji indicating that an icon could not be read correctly.

So there you go, enjoy your new Emojis and your new skin tones!

I hope you have found this blog useful.

If you would like to learn more about using and supporting Apple Devices, then take a look at our collection of OS X and iOS training courses. Amsys is the UK’s largest training centre and offer classroom based and onsite training on a range of OS X and iOS training courses.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

These features were tested using OS X Yosemite v10.10.3 and iOS v8.3 which were the latest Mac OS and iOS releases at the time of writing.

Microsoft, iOS and New Dev Tools

This week saw Microsoft host its developer conference and announced a host of exciting new tools for iOS and OS X developers.

The first piece of news is that Microsoft will be adding a new toolkit to Visual Studio, which is their development platform, that will allow iOS developers to port their existing iOS apps to the Windows platform.

Microsoft will be adding an Objective-C toolchain and some middleware that will provide iOS APIs that iOS apps are expected. With very little modification you will be able to port your existing app to Windows.

As a demo, developers Kings, showcased their Candy Crush iOS game running on a Windows Phone, claiming only a few percent of code had to be changed in order to port the app.

The second piece of news is that Microsoft are releasing a new Code Editor that will run natively on OS X and Linux, called Visual Studio Code. This is not their full IDE but a new code editor that offers a number of features including:

  • IntelliSense code completion
  • Support for ASP.NET 5 development with C#
  • Node.js development with TypeScript and JavaScript
  • Includes tools for web technologies such as HTML, CSS, LESS, SASS, and JSON
  • GIT repositories

A preview version can be found here

It’s early days yet for these tools and they certainly won’t replace Xcode but it will give Apple developers new opportunities and new markets to target.


The dreaded D word – Documentation (Part 1)

Yup, for most techies, the dreaded “D” word. Give most admins a new network or a new server to install and they’ll leap to the task. Ask them to document the work they are doing and you can hear the groan.

I’ve decided to use this post to delve into the advantages of Documentation to try and change your mind.


Straight to the point, why on earth should you do documentation? Well, I’m not here to lecture you on any possible expectations for your role or any other nasty managerial reasons, so instead how about some selfish reasons?

Easily repeatable

So you’re setting up another Foo server for the n’th time. You’ve got a number of steps that need to be followed to have the server configured as required. The task is manual, long and dull. Plus you may be a little hung over from the previous night’s Mac Meet Up. Also, you’re human.

In this scenario, it can be easy to make mistakes, or to forget steps, possibly a crucial step that isn’t obvious until the server is fully running. With some form of documentation, this can form a nice and simple task list to work through, ensuring that you don’t miss any steps.

Knowledge Share: Delegate the task

AKA: Palm the task off to the next person down the departmental ladder.

With documentation, it makes it easier to off-load tasks to a more junior member of the team freeing you up to do more technically demanding (or less boring) tasks. Without documentation, it would be trickier to, *ahem*, delegate the task.

Knowledge Share: Teaching others

Having a decent set of documentation can help form internal training materials or lesson plans, allowing other members of staff to educate themselves on solutions and configurations they may not be familiar with.

Knowledge Share: Take a holiday!

The real reason these three are lumped together: The more people who have decent documentation on a task, the less only you can do. The less you need to do, the easier it is for you to take a vacation!

Mentally closing a project

This one is a more mental benefit, and possibly one unique to me, documenting all of the work I’ve done on a project helps me to brain dump all the potential items out of my head and mentally shelf the information, or clear the decks, helping me to be refreshed and ready for the next one.


My favourite word and the end goal of most Administrators. It is very difficult to automate a task if you don’t know (or can’t remember) the steps required for a task. Once you’ve got the documentation, you can build the automation. Once you’ve got the automation, you free up time and brain power for more things. The free time / power can be used to automate more things, and the cycle continues.

Why Not?

I can’t do the Why, without the Why not.

It takes too long

The time taken on the documentation can be directly dictated by the detail in the documentation. Personally, I know it’s not what you necessarily want to hear, but I’d always take as long as needed to get the documentation right. But on the flip side, short documentation is better than no documentation and if you’re tight on time (or patience) then write as much as you can, but schedule some time to return and ‘complete’ it.

It’s dull and boring

Generally, yes, I’d agree with that. But one thing I’ve found is that the better documentation I complete, the less questions I get from colleagues and customers when I’m in the middle of other projects / vacation / the pub. Of the two options, I know which I’d prefer!

Very little reward

Typically I’d agree. Completing a perfect piece of documentation, just to know it’ll get less attention or thanks than a server install (even though it is possibly just as important) can suck the motivation right out of you. Then again, I have had a few customers be pleasantly surprised by good documentation, even going as far as basing recommendations around it. And hey, at a minimum, being able to tell a customer “if you could check out page X of the documentation you’ll find the answer there” is great.


There you go! I hope to have at least caused some of you to stop and think about the advantages of good documentation, or even to start work on some of your own. Maybe next time I’ll look into the various types, and some possible hints I’ve used to help you along the way

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Further Reading

Most of this blog is from my own experiences but I can’t lay claim to it all. If you’re looking for further advice or reading around the subject of documentation and time management in general, I’d highly recommend reading:

“Time Management for System Administrators” by Thomas A. Limoncelli

ISBN-10: 0596007833

ISBN-13: 978-0596007836

Pro Video Formats 2.01

A few days ago Apple released the Pro Video Formats 2.01 update for OS X. A lot of people have noticed that after installing the update, it keeps re-appearing as an available update to install within the Mac App Store app.

There are a number of fixes for this but one of the simplest is as follows.

  • First download the stand alone version of this update from Apple. You can grab it here. You will download a disk image.
  • If you open the disk image up you will find the installer. If you simply run this installer you will find that you still get the same issue.
  • Instead we will use the great tool Pacifist to install it. You can get the app here.
  • Run Pacifist and open the installer found on the disk image you downloaded.
  • You will be presented with a list of contents. Select the first item in the list and click the install button. If you get a message that some items already exist, click the replace button

After performing this task you should find the update is no longer listed as available but is now in the installed section of the Mac App Store app.

Apple Watch: Start Your Developer Engines

Today the first batch of Apple Watches should start shipping to those lucky few. So I thought it would be nice to have an overview of WatchKit, the development platform from Apple that allows you to build Apps for the Apple Watch.

The Architecture

So as it stands at the moment, true native apps cannot be built for the Apple Watch. These have been promised for sometime in 2015, and it may be that we will see the first sign of these at this year’s WWDC.

Instead apps you build heavily rely on the iPhone paired with the watch.

Any app you build essentially has two halves.

  •  One-half lives on the Apple Watch.  This is your WatchKit App. This  app handles the user interface, any user interaction but very importantly – does not run any code. In fact, you could say the Apple Watch behaves like a second screen to the iPhone
  • The other half is a WatchKit extension that lives in the corresponding iPhone app. It’s this app that runs all of your code. It’s responsible for deciding what to display on the Apple Watch, what actions to perform when the user interacts with the Apple Watch, etc.

What’s clever about this setup is that when you design your app in Xcode, you design the Apple Watch screens as you would any local iPhone screen. When the app is then running, WatchKit  automatically handles all the communication between the two devices over Bluetooth.


WatchKit Apps

Your app on the Apple Watch contains a full user interface. Users can launch, control, and interact with your app in ways unique to Apple Watch.

Apple supply quite a few controls that allow you to build up your user interface including:

  • Labels


  • Tables


  • Buttons


  • Switches



  • Sliders



  • Date and Timers


  • Maps



Apple has also simplified the way you lay out your user interface. With iPhone apps, we have a system called AutoLayout that allows us to design complex screens that will scale to any device size. For the Apple Watch, Apple has simplified things by introducing groups.

Groups  are a container for other elements such as your labels and button. They give you the option to arrange elements in the group horizontally as well as vertically.

Glances and Notifications

As well as building Apps that users can interact with, Apple has  supplied two other methods of presenting information to the Apple Watch user.


A glance is a supplemental way for the user to view important information from your app. A glance immediately provides relevant information in a timely manner. For example, the glance for a calendar app might show information about the user’s next meeting. Glances do not support interactivity.




By default, any notifications received by the iPhone will also be presented to the Watch. The Watch uses a minimal interface to display incoming notifications. When the user’s movement indicates a desire to see more information, the minimal interface changes to a more detailed interface displaying the contents of the notification.


All in all Apple has provided some great APIs to kick start Apple Watch development, and when we get the SDK for native apps later on this year things can only get better.

If you are interested in learning how to develop Apps for iOS and the Apple Watch then check out our range of Apple Watch Development courses here




Don’t miss the OS X Yosemite Server Seminar

Are you thinking about integrating OS X into Active Directory and would like to understand this subject matter better including best practices?

If so, then attend the OS X Yosemite Server 1 day seminar on the 22nd of May in London.

Amsys Training is hosting this one-off seminar, led by our Apple Master Trainer, that will demonstrate and explain the various options to fill in the blanks left by Server app and provide hands-on scenarios for you to see different solutions in action.

Places are limited, therefore, booking ASAP is advised to avoid disappointment

What the OS X Yosemite Server Seminar will teach you

  • How to plan configuration of your server past the limitations of the Server App.
  • How to utilise the many command line tools supplied by Apple but hidden behind the scenes.
  • An understanding of OS X installer Packages through the command line.
  • How to integrate the Client into several Directories services.
  • An overview and understanding LDAP.
  • Troubleshooting login issues.

Plus much more.

Who Should Attend?

If you’re a Mac Admin, an existing Mac Support tech and want to upgrade your skill set, or need to know how to streamline your Server then book this 1 day seminar this May.

Pre-requisites? You should have a background in IT support and a basic understanding in OS X to attend this seminar.

During this 1 day OS X Server seminar we will cover the following topics:

  • Server app: Become an expert with the standard Server app including understanding what the tool is doing behind the scenes.
  • Headless Management and maintenance: Learn how to manage your server over VNC and SSH.
  • DNS & Bind: DNS is a key service so you will learn how to configure, protect and troubleshooting the DNS service.
  • Server command line tools: Learn how to utilise the many command line tools supplied by Apple including serveradmin, systemsetup and networksetup.
  • Local Directory: Understanding the Local Directory and what is required by the system for the user accounts. See how the local Directory interacts with the processes and what tools we can use to modify it.
  • OpenDirectory: Learn to use the number of command line tools to help configure and troubleshoot OpenDirectory.
  • Accessing Third Party Servers: Understanding LDAP Configuring OS X client computer to log in using a standard LDAP server.
  • Directory Solutions: Look into different options like implementing the Golden Triangle, substitutions and repurposing.
  • Profile Manager: Have a greater understanding on how this service works including auto enrolment, using the profiles command line tools.
  • File Sharing: Services: Learn how configure file sharing services from the command line.
  • Permissions: Understand how Apple implements permissions on OS X Server and how to manipulate them from the command line.
  • Web: OS X Server hides a lot of the features available to Apache, learn how to configure and modify Apache configuration pages.
  • Caching Service: Learn why this is a great service, how it works and how to troubleshoot it and modify it’s settings.

Price: This seminar is just £195 + VAT (RRP: £260)

Book now to avoid missing out


Understanding Apple’s Device Enrolment Program (DEP)

DEP or Device Enrollment Program is a new service from Apple that lets you automatically enrol new devices (OS X & iOS) with your MDM as they progress through the setup assistant. Up until now, connecting devices to a management system has required some user interaction, either by IT or the end user.

We have been able to setup user self-enrollment but there has been the risk that the user doesn’t do it, which means the business doesn’t have an inventory record and has no way to manage the device. For the first time, we can take a brand new device out of the box, go through the setup assistant and have it enrol with the management service without any technical input.

As you can imagine, this opens up some new scenarios with regards to device deployment.

Depending on your configuration, you can theoretically ship the devices direct to the users, knowing that the devices will appear in MDM once they set it up.

We were naturally very interested in the real world applications and challenges with this new service so in this blog post we describe a bit about how it works and some of our experiences as we were testing it.

How does DEP work?

This is by no means a deep dive into the inner workings of DEP, but should suffice to give you some understanding of the processes at work.

Devices that run through the Apple setup assistant are programmed to contact Apple to see if there is a DEP registration that matches their serial number. If there is, they will receive the details of the specified MDM service from Apple and then enrol into the management system.

In the case of The Casper Suite from JAMF Software, the device enrols, installs the JAMF binary (if it’s an OS X device), installs Self Service (if the JSS is set to do so) and configures any other computer management framework tasks like startup, login and logout triggers.

From that point on you can start dropping the devices into smart groups, running policies and all the other good stuff you need to get the devices setup and ready for use.

Getting set up

To get up and running with DEP, you need to register on Apple’s website here.

apple dep registration

It didn’t seem that you could use an existing Apple ID for this purpose. In fact, this was the same for adding additional administrators. I had to create a new Apple ID before I could be added as a DEP administrator by my colleague.

Once you’ve verified the Apple ID, the next step is to complete some of the institutional information:

dep institutional details apple

Most of these details are straightforward, but there are a few things to note.

Company D-U-N-S

This is an identification number for businesses regulated by Dun & Bradstreet (D&B) that assigns a unique numeric identifier, referred to as a “DUNS number” to a single business entity.

Devices Purchased From

This is an important bit. It will be used to associate the serial numbers of any devices you purchase with your DEP account. You can add multiple sources including Apple and third-party resellers, as long as they are official Apple resellers and registered with the DEP service. So if you purchase some of your Macs from Apple and some from a reseller, they will all link back to your DEP account and in turn your MDM.

Once you have submitted the application, Apple will check the details and process the registration. In our case, we only have a single Apple account, so we entered our account number. Shortly after submitting the registration we received a phone call from Apple to verify our details and to get authorisation from a company representative.

Some people have mentioned that the registration process can take a few days to complete. In our case, we were up and running within a few hours, but I guess your mileage may vary.

Link the The Casper Suite JSS to DEP

The next step is to link your DEP account to your MDM. In the case of The Casper Suite, we needed to:

  • Select Device Enrollment Program from the Global Management screen and download the Public Key
  • Use the public key to add the JSS to the Apple DEP portal. Adding the server to the DEP portal provides a Server Token File
  • Take the Server Token File and use it to add the account to the JSS

Once you have added the server to the DEP portal, you can set whether newly purchased devices are automatically enrolled into your MDM.

Configure PreStage Enrolments

Next you need to configure PreStage Enrolments. This is used to set what happens when a device is directed to the JSS by DEP. Click New, set the scope and options.

Amongst other things, you will have the option to decide which setup screens are to be shown on the clients:

configure prestage enrolments

Some other points

Network – As you can imagine, this process only works if the clients are connected to a network that allows communication with Apple and the JSS.  In larger corporate environments or schools, this is likely to cause problems as there are often port filtering, 802.1X, and other security systems in place that will prevent communication.  One solution is to create an enrollment SSID that can only communicate with the Apple and JSS servers.  Users can connect to that network for the initial setup, after which the JSS can configure the devices for the main network.  If your corporate wireless network requires the devices to be connected to Active Directory for device certificates (for example), that SSID won’t be suitable for DEP.

User accounts – As you can see above, there isn’t an option to stop the user creating a local admin account.  If this is OK for your organisation, then there is nothing more to do.  If however you need the users to work with standard user accounts, or even directory users, you will need to run policies from the JSS after enrollment to perform the additional configuration, and possibly delete the local admin user account that the user created.

Targeting DEP enrolled Macs for policies - If you do want to target the DEP enrolled Macs with policies from the JSS, there is a Smart group criteria option called “Enrollment Method.”  Select “PreStage enrollment” as the value, and this will identify those devices.  I would avoid adding too many policies, particularly those that install software unless you can be sure the device will be on a fast enough link.  If the user sets up their device from home and a policy starts installing the Adobe Creative Suite, this will be a problem.

Adding legacy Macs - It is possible to add existing devices to your DEP account.  We tested this with a few Macs going back to 2012 which worked OK.  We just needed to add the serial numbers to the DEP portal.


So all in all it looks like a pretty useful service.  There are, of course, some challenges for larger corporations with enterprise networks and other security policies, but from our perspective Apple have given us more options and functionality, which is a good thing.  The added bonus in the case of The Casper Suite, is that the JAMF binary is installed on new Macs, allowing you to fully manage the device, without it ever being touched by the IT team.

Other useful links

Speak to our team of fully certified Apple experts today to see how we can help you by calling 0208 660 9999 or emailing henryc@amsys.co.uk.

Mac Printing Scripts Mashup

Hi all. I’m doing something a little different this time and I’ve got 4 small scripts relating to printers on Mac that I’d like to share. They’ve been pulled together from various places and tweaked many times since I’ve started using them and I thought I should share what I’ve got. Hopefully they’ll help save another Mac Admin some time!

Add Everyone to Printer Admins

This script uses the ‘dseditgroup’ command to add the “Everyone” user group (which all users are a member of, hence the name) to the “lpadmin” group (effectively the ‘printer admins’ group).

This change will allow all users to carry out tasks such as resuming a print queue without entering administration credentials. As long as the users are not administrative users themselves, they won’t be able to add or remove printers from the Printing System Preference pane.

I’ve used this for staff Macs in schools where the staff members would take a device home, and attempt to print to the school print server queues. Once the print job timed out, the queue would be paused and require an administrative credentials to resume.

dseditgroup -o edit -a "everyone" -t group lpadmin
exit $?

Disable Printer Sharing On All Queues

This script uses the lpstat and lpadmin commands to disable printer sharing on all print queues. Often, when a print queue is deployed using management, it is automatically configured as shared. Now, without enabling printer sharing in the Sharing Printing System Preference pane this won’t do much, but can annoy / worry some business owners.

I’ve used this script in a handful of places where users may add print queues themselves, or the site uses a particular method to deploy print queues that typically have sharing enabled but not desired. This script can be run each time a print queue is added (afterwards!) or every day / week / month etc.

lpstat -p | grep printer | cut -d" " -f2 | xargs -I {} lpadmin -p {} -o printer-is-shared=False
exit $?

Remove MCX Printers

This script will use the lpstat and lpadmin commands to find any print queues listed as ‘mcx’ print queues, and remove them.

I’ve used this script when migrating a few customers from one management solution to another. It pruned out the previous management solution’s print queues, ready to receive the new management solution’s queues. This ensured that the devices in question were in a ‘known’ state, rather than possibly be missing queues or have duplicate queues

for printer in `lpstat -p | grep 'mcx ' | awk '{print $2}'` ; do
        lpadmin -x $printer
exit 0

Remove All Print Queues

This script uses lpstate and lprm commands to loop through and remove all locally added printers.

I’ve used this script in a similar way to the Remove MCX Printers script above to reset a Mac device to a ‘known’ state regarding the print queues, i.e. no print queues!

lpstat -p | awk '{print $2}' | while read printer
  echo "Clearing Queue for Printer:" $printer
  lprm - -P $printer


There you go! I hope that they can prove helpful to someone. Apologies that I cannot remember sources for the information and / or scripts. Please feel free to give me a shout out and I’ll edit the post to give credit where credit is due!

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Thanks for attending the Mac Meetup with JAMF Software

mac meetup jamf software london
Thanks to everyone who made it to the Mac Meetup with JAMF Software earlier on this week, making it the biggest and best event yet!

The event was hosted at our new Apple Support and Service Centre in London and the topic of the night was DEP and the Casper Suite. JAMF Software’s, Gib Chan demonstrated how businesses can automate device enrollment and streamline the initial setup process for new devices. Organisations can now use the two tools together to create a zero touch system for IT admins and a simplified experience for their users.

What was discussed during April’s event:

  • How to leverage Apple’s new Deployment programme.
  • How to create a simplified set up experience for users.
  • How to eliminate bottlenecks commonly associated in deployments to new users.
  • Triggering initial configs with Casper and DEP.

Watch this space for more events coming up or join the LinkedIn group here.  A special thanks also goes to Motion Bug for taking the photos on the night, which you can view below.

20150414-DSCF7307 mac-meetup-jamf-amsys

mac meetup april 2015



The latest OS X and iOS 8 updates

Yesterday Apple released two new updates to both Yosemite and iOS 8, which have addressed a number of key features and issues, including:

  • The issue that could cause Macs bound to an Active Directory server to become unresponsive at startup
  • Improved Wi-Fi performance and connectivity in various usage scenarios
  • A number of security fixes

This is a significant update therefore updating as soon as possible is highly recommended as a number of security holes have been patched.

What else is included in 10.10.3?

The update has also released the new Photos app, which is the replacement for iPhoto and Aperture – which should be very interesting.

With Photos you can:

  • Browse your photos by time and location in Moments, Collections, and Years views
  • Navigate your library using convenient Photos, Shared, Albums, and Projects tabs
  • Store all of your photos and videos in iCloud Photo Library in their original format and in full resolution
  • Access your photos and videos stored in iCloud Photo Library from your Mac, iPhone, iPad, or iCloud.com with your web browser
  • Perfect your photos with powerful and easy-to-use editing tools that optimize with a single click or slider, or allow precise adjustments with detailed controls
  • Create professional-quality photo books with simplified bookmaking tools, new Apple-designed themes, and new square book formats
  • Purchase prints in new square and panoramic sizes
How to upgrade your iPhoto Library to Photos: 

It’s easy to upgrade your iPhoto library to Photos – just open the app to get started. To learn more about Photos, visit Apple’s website here.

This update also includes the following improvements:

  • Adds Spotlight suggestions to Look Up
  • Prevents Safari from saving website favicon URLs used in Private Browsing
  • Improves stability and security in Safari
  • Improves Wi-Fi performance and connectivity in various usage scenarios
  • Improves compatibility with captive Wi-Fi network environments
  • Fixes an issue that might cause Bluetooth devices to disconnect
  • Improves screen sharing reliability

For enterprise customers, this update includes the following:

  • Addresses an issue that could cause Macs bound to an Active Directory server to become unresponsive at startup
  • Provides the ability to set an umask that’s respected by GUI apps
  • Fixes an issue installing a configuration profile for 802.1x with EAP-TLS
  • Resolves an issue where folders from a DFS share point might “disappear” when viewed from the Finder on some Macs

iOS 8 Updates

  • These are just some of the important features with the latest update to iOS 8:
  • Fixes an issue where you could be continuously prompted for login credentials
  • Addresses an issue where some devices disconnect intermittently from Wi-Fi networks
  • Fixes an issue where hands-free phone calls could become disconnected
  • Adds the ability to report junk messages directly from the Messages app
  • Adds the ability to filter out iMessages that are not sent by your contacts
  • Fixes a bug where certain apps would not launch or update on family members’ devices
  • Improves reliability of installing and updating enterprise apps
  • Corrects the time zone of Calendar events created in IBM Notes
  • Improves reliability of saving the password for a web proxy
  • Exchange out-of-office message can now be edited separately for external replies
  • Improves recovery of Exchange accounts from temporary connection problems
  • Improves compatibility of VPN and web proxy solutions
  • Allows use of physical keyboards to log into Safari web sheets, such as for joining a public Wi-Fi network
  • Fixes an issue that caused Exchange meetings with long notes to be truncated
  • Accessibility fixes
  • Fixes an issue where using the back button in Safari causes VoiceOver gestures to not respond
  • Adds the ability to remove shipping and billing addresses used with Apple Pay
  • Improves stability for Phone, Mail, Bluetooth connectivity, Photos, Safari tabs, Settings, Weather and Genius Playlists in Music
  • Addresses an issue that prevented opening links in Safari PDFs
  • Fixes an issue where selecting Clear History and Website Data in Safari Settings did not clear all data

For more information about these latest software updates, please visit the Apple Website here.

Disclaimer: As with all major software updates we advise taking a back up of all your devices and running a test, if possible, before updating.

OS X Yosemite hidden feature series – Part 4

The next part in this series, will focus on calling and messaging features. Remember, I am calling these ‘hidden’ features since they may not be obvious how to access them, may not be easy to understand what they do, or just not well documented directly by Apple.

New Feature 1: FaceTime iPhone Calls

What is it?

OS X Yosemite, along with iOS 8, supports Mac users making and receiving phone calls using an iPhone’s cellular connection.

No longer do you have to scramble around to find your phone when someone is calling you, you can answer the call via the FaceTime app on your Mac. You can even initiate calls from your Mac using your iPhone’s cellular connection.

How does it work?

As with most features, there is a hardware and software requirement.

Mac requirements:

  • Your Mac must be running OS X Yosemite 10.10 or later
  • Signed into iCloud using the same Apple ID as the iPhone (Check iCloud System Preferences)
  • Signed in to FaceTime using the same Apple ID as the iPhone (Check FaceTime application Preferences)
  • Connected to the same Wi-Fi network and router as iPhone to make and receive calls

iPhone requirements:

  • Your iPhone must be running iOS 8 or later.
  • Signed into iCloud using the same Apple ID as the Mac (Check Settings > iCloud)
  • Signed in to FaceTime using the same Apple ID as the Mac (Check Settings > FaceTime)
  • Connected to the same Wi-Fi network and router as the Mac

Once you have the requirements sorted, there’s just a single setting on both the Mac and iPhone to enable and you’re all set!

  • On your iPhone, go to Settings > FaceTime > turn on iPhone Mobile/Cellular Calls.
  • On a Mac, open the FaceTime app and go to Preferences > Settings and tick the iPhone Cellular Calls option. You’ll be required to verify the device with a four digit code sent to your iPhone.

As long as you have done everything listed above, you can now start calls from your Mac simply by clicking the phone icon next to a phone number in Contacts, click on the phone number in Calendar, or in Safari you can highlight the number, click the drop down arrow that appears and then select ‘Call using iPhone’.

  • To receive a call, simply select Accept when the call notification appears on your Mac. You can also choose to decline the call or respond with a quick message.
  • Incoming calls will show the caller’s name, number and profile picture if stored in your Contacts.

If you start a call on your Mac, but wish to continue the call on your iPhone, you can do that too! Just tap the green bar at the top of your iPhone to transfer the call to your iPhone.

If you wish to disable this feature, just turn off iPhone cellular calls as follows:

  • On your iPhone, go to Settings > FaceTime > turn off iPhone Mobile/Cellular Calls.
  • On a Mac, open the FaceTime app and go to Preferences > Settings and un-tick the iPhone Cellular Calls option.

Let’s now see it in action!

So now we know how it works, let’s see how to do it!
The following was performed using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Setting up FaceTime iPhone Calls:

Step 1: Enable iPhone Cellular Calls on the iPhone (Settings > FaceTime > turn on iPhone Mobile/Cellular Calls):

setting up iphone facetime calls

Step 2: Enable iPhone Cellular Calls on the Mac (FaceTime app Preferences > Settings and tick the iPhone Cellular Calls option):

Enable iPhone Cellular Calls on the Mac

You’ll be required to verify the device with a four digit code sent to your iPhone.

Answering FaceTime iPhone Calls:

Step 1: Once a phone call has been sent to your iPhone, a notification window should appear at the top right of your screen as shown below:

Answering FaceTime iPhone Calls

Step 2: Simply click on “Accept” when the notification appears to answer the call on your Mac or “Decline” to cancel the call.

You can also click the drop down arrow to reply with a message or receive a notification reminder later so you can call the person back:

reply with message options

Making FaceTime iPhone Calls:

Step 1: To start calls from your Mac, simply click the phone icon next to a phone number in the Contacts application, or you can click on the phone number itself in Calendar. In Safari, you can highlight the number, then click the drop down arrow that appears and then select ‘Call using iPhone’:

making facetime phone calls from your mac

Step 2: Click ‘call’ to confirm and dial the number:

click call to make this call

Step 3: Select ‘Mute’ during the call so the other person can not hear you, selecting ‘End’ once the call is complete:

select mute during the call

Note: You can also start making a call directly in the FaceTime app by simply typing the number into the FaceTime search field:

make call directly from facetime app

I love this feature, it’s so useful when my iPhone is on charge in another room from where I’m sitting with my Mac!

Useful Info about FaceTime iPhone Calls

Having issues getting it to work?

Check the requirements listed above to ensure that everything is configured correctly. Also check the FaceTime settings in Notifications System Preferences to ensure you receive the notifications for incoming calls.

Want to change the FaceTime’s ringtone when receiving calls?

There are quite a few ringtone choices as you can choose any found in iOS 7 or iOS 8, there’s also a “classic” tones option from earlier versions of iOS too!

To change the Ringtone, open the FaceTime application and then open its Preferences. In the Settings tab you can choose a different tone by opening the Ringtone drop down list at the bottom:

ring tone preferences ios os x

Need to enter numbers using a telephone keypad?

If you’re using your Mac to make or receive a call and need to enter information “using your telephone keypad”, for example when calling a bank, you can simply use your Mac keyboard whilst in the FaceTime app and it will send the keyboard response to your iPhone cellular call!

You should hear the standard Dual-tone multi-frequency (DTMF) tones. (Just make sure you click on the call window at the top right corner of your Mac to make sure the call window is the chosen element before typing).

Do you dislike ‘floating windows’?

You’ll be pleased to hear that you can turn the floating call window into a regular window just by dragging the window away from the corner. (It will also now have the traffic light close and minimize options too!)

Apple support documentation on this feature can be found here.

New Feature 2: SMS via Messages

What is it?

The Messages app in OS X Yosemite has been updated with a few nice features.

The first to mention is the ability to work with standards text messages (SMS). Now you are not just limited to sending and receiving iMessages on your Mac, you can now text those people who chose the dark side and are using Android! :)

You can also start a message conversation from your Mac by clicking a phone number in apps like Safari, Contacts or Calendar.

How does it work?

Again, there is a hardware and software requirement.

Mac requirements:

  • Your Mac must be running OS X Yosemite 10.10 or later
  • Signed into iCloud using the same Apple ID as the iPhone uses for iMessage.
  • Connected to the same Wi-Fi network and router as iPhone to make and receive calls

iPhone requirements:

  • Your iPhone must be running iOS 8 or later.
  • Signed into iCloud using the same Apple ID as the Mac
  • Connected to the same Wi-Fi network and router as the Mac

Once you have the relevant requirements confirmed, there’s just a single setting on your iPhone to enable and you’re all good to go!

  • On your iPhone, go to Settings > Messages > select Text Message Forwarding, then turn on the switch alongside the name of your computer.

Let’s now see it in action!

So now we know what it does, let’s show you how it’s done!
Again, this demo was performed using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Step 1: Enable Text Message Forwarding on your iPhone, (Settings > Messages > select Text Message Forwarding, then turn on the switch alongside the computer name of your Mac):

Enable Text Message Forwarding on your iPhone

Step 2: As long as your Mac and iPhone are using the same iCloud account and are on the same Wi-Fi network, you should be able to open the Messages application and start sending messages to any mobile number regardless of whether the recipient has an iPhone or not.

Either select a person in the previous history to continue an existing text chat or click the ‘Compose’ icon  to start a new conversation, selecting a person in your Contacts or entering their mobile number manually.

As with the iPhone Messages app, iMessages you send will appear in Blue, standard texts in Green.

Useful Info about SMS via Messages

The only issue I have found with this feature is that texts sometimes fail as my Mac and iPhone may auto join different Wi-Fi networks that are in range if I’ve connected to more than one in the same building. Thus the texts will not send! So just make sure before you start a text that your 2 devices are on the same network.

If you wish to disable this feature, simply turn off Text Message Forwarding on your iPhone:

Open the Settings app, go to Messages, select Text Message Forwarding, then turn OFF the switch alongside the computer name of your Mac.

New Feature 3: Voice Messaging via Messages

What is it?

Another new feature in the Messages app in OS X Yosemite and iOS 8 is the ability to send short Voice clips to other iMessage users.

How does it work?

This feature is linked to iMessage, therefore an Apple ID must be signed into the Messages application.
Simply go to Messages and sign in to iMessage with your Apple ID credentials. If you do not receive the setup assistant, go to Messages Preferences > Accounts and select the iMessage account and sign in.

As long as your Microphone is enabled in Sound System Preferences, (select Internal Microphone from the Input tab), you can simply click on the Microphone icon  to the right of the iMessage text window to capture sounds and make them part of iMessage conversations.

Let’s now see it in action!

Let’s see a quick demo of how it’s done! The following was again performed using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Step 1: Verify correct configuration of your internal Microphone in Sound System Preferences, (select Internal Microphone from the Input tab). Also verify iMessage setup within the Messages application by going to the Messages Preferences > Accounts and select the iMessage account.

Sign in if you are not already with your Apple ID and ensure correct details are entered into the ‘You can be reached for messages at’ and ‘Start new conversations from’ options. Full details of configuration can be found at here.

Step 2: Once you are setup, simply click on the Microphone icon to the right of the iMessage text window to capture your Microphone sound:

voice messagin ios osx

If the icon is missing, you have either not configured your Microphone or iMessage correctly, or more likely you are trying to message someone who does not have iMessage (for example, someone who has an Android phone and not an iPhone). Notice the lack of the Microphone icon below when I try and text my Mum as she has a Samsung phone!

imessage an android

Step 3: Speak into your microphone and click the red button to finish recording:

record imessage voice

Step 4: Your voice message is then compressed to make sending and receiving quicker. Once it’s ready to send the ‘Send’ button will appear, click ‘Send’ and you’re done:

send voice message osx

Useful Info about Voice Messaging via Messages

As handy as this little feature is, it only records a short piece of audio and then allows you to send it or cancel it. There is no option in between to listen to the recording before sending. So you have to assume what you said was picked up OK and was what you wanted to say!

New Feature 4: Messages Details

What is it?

OS X Yosemite and iOS 8 added another nice new feature to the Messages app. You can now view much more information about a chat participant and directly respond back to participants. For example, you can now view all images sent within a conversation between a chat participant and yourself.

How does it work?

It’s very simple. Once you have selected a chat participant in the Messages sidebar, you can click the ‘Details’ button at the top right of the chat window and a pop-out window appears providing options to interact with the recipient such as screen share, FaceTime and making a phone call.

You can also toggle ‘Do Not Disturb’ from here so that notifications from this conversation are muted, and even better, this Details window will show you all the attachments sent and received within this conversation.

Let’s now see it in action!

As before, to demonstrate this I will be using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2.

Step 1: Open the Messages app on your Mac and wait a few seconds for your accounts to log in and update any messages made with another Apple device (such as your iPhone or iPad).

Step 2: Select a chat participant’s name from the left hand sidebar to load up all conversations made between yourself and that person based on any contact details in your Contacts app. (If this person has multiple messaging accounts and phone numbers stored in your Contacts app, these are usually merged into one conversation window).

Step 3: Click on the ‘Details’ button at the top right of the chat window to open a pop-out window:

message contact details

Step 4: You should now have a list of info and options. Depending on whether the chat participant is using an Apple device and is an iMessage user or not will determine which options are available. Some may be greyed out if not available (such as FaceTime and Screen Sharing):

view contacts messages details

Step 5: If supported, you can click on the 2 overlapping squares to initiate screen sharing either by inviting the chat participant to share your screen, or asking them to share their screen:

invited to share screen os x

Step 6: You can also click on the FaceTime icon to open FaceTime and start a video chat, or click on the Phone icon to choose which phone number from the chat participant’s Contacts card to call.

As mentioned above, you can tick the box next to ‘Do Not Disturb’ so that notifications from this conversation will be muted.

Step 7: You can also view all the attachments sent and received within this conversation.
Control-clicking/Right-clicking on any of these attachments brings up some options such as ‘Open’ to open an image in Preview or perhaps a movie or audio file in QuickTime, and ‘Delete’ to remove the item from the conversation:

do not disturb phone calls osx

Useful Info about Messages Details

Nice little feature this, but I have found that if you have received an audio or video file, the preview image shown in this Details window is the generic iTunes musical note icon. You therefore have to Control-click/Right-click the attachment and open it in QuickTime before you can find out what it was.

New Feature 5: Group iMessaging Details via Messages

What is it?

Similar to Feature 4, OS X Yosemite and iOS 8 has also incorporated the Details feature into Group chats.

Group iMessage conversations also now have the Details button with a collection of nice features. All the features from a single chat conversation are there for each person in the chat: Screen Sharing, FaceTime and Phone calling, plus the ‘Do Not Disturb’ and attachment previews.

An addition for group chats is that you can share your locations with others in the group chat by leveraging the ‘Find My Friends’ service. You can therefore see a map displaying where all the participants of the chat are located!

There’s also a nice feature whereby you can give the group chat a group chat name to make it easier to remember what the chat was all about!

However, notably the best addition here for group chats is the ability to control your interaction during group conversations. As well as the ‘Do Not Disturb’ feature if you no longer wish to receive notifications from an ongoing group conversation, you can also now click ‘Leave this Conversation’ to be removed entirely from the group chat.

How does it work?

This works pretty much the same as Feature 4 apart from the fact that you are viewing a group chat instead of an individual chat.

Once you have selected a group chat in the Messages sidebar, you can click the ‘Details’ button at the top right of the chat window and a pop-out window appears providing options to interact with the group recipients such as screen share, FaceTime and making a phone call.

There’s also the toggle for ‘Do Not Disturb’ so that notifications from this conversation are muted, the list of all the attachments sent and received within this conversation.

As mentioned above, group chats also have the following features : Participant location sharing, ‘Group Chat’ name and option to completely leave the group conversation.

Let’s now see it in action!

To see how this feature works, most of the steps will be the same as for Feature 4.
Once again, I was using a MacBook Pro (Retina, Mid 2012) running 10.10.2 and an iPhone 5 running iOS 8.2 to complete this demo.

Step 1: Open the Messages app on your Mac and wait a few seconds for your accounts to log in and update any messages made with another Apple device (such as your iPhone or iPad).

Step 2: Select a ‘Group Chat’ from the left hand sidebar to load up all conversations made between yourself and all persons invited into the group chat.

Step 3: Click on the ‘Details’ button at the top right of the chat window to open a pop-out window:

grou message via imessage

Step 4: You should now have a list of info and options. Depending on whether each chat participant is using an Apple device and is an iMessage user or not will determine which options are available. Some may be greyed out if not available (such as FaceTime and Screen Sharing):

untitled group chat

Step 5: Notice right at the top of this ‘Details’ window there is an option for you to give the group chat a group chat name so you can remember what the conversation was supposed to be about!

Underneath the Group Name option, there is a map section which will attempt to locate where all the group participants are.

Remember, this will need ‘Find My Friends’ enabled on iOS and ‘Location Services’ must be also enabled for the Messages app, either in Settings > Privacy on iOS or in the Privacy tab of Security & Privacy System Preferences on OS X.

I have ensured in my demo that this feature was disabled so I would not advertise where all my colleagues were! :)

Step 6: You can then choose to interact directly with just one of the group participants. If supported, you can click on the 2 overlapping squares to initiate screen sharing either by inviting the chat participant to share your screen, or ask them to share their screen.

You can also click on the FaceTime icon to open FaceTime and start a video chat, or click on the Phone icon to choose which phone number from the chat participant’s Contacts card to call.

Select ‘Add Contact’ to invite a new person into the group chat.

To remove someone from the chat, you can Control-click/Right-click on their name in the list and select ‘Remove from Conversation’:

remove from imessage group chat
Notice you can also send them a Private text message or email if their Contact card in your Contacts app has the relevant mobile number or email address field configured. You can also directly switch to their Contact card in the Contacts app by selecting ‘Show Contact Card’.

Step 7: Ticking the box next to ‘Do Not Disturb’ will ensure that notifications from this conversation will be muted. This is very useful if you are involved in a group chat but need to focus on something else for a while and don’t want to keep getting the notifications every time someone replies.

As well as the ‘Do Not Disturb’ feature, you can now click ‘Leave this Conversation’ to be removed entirely from the group chat:

mute notifications for this conversation

Step 8: All attachments sent and received within this conversation will be displayed at the bottom of the Details window.

Control-clicking/Right-clicking on any of these attachments brings up some options such as ‘Open’ to open an image in Preview or perhaps a movie or audio file in QuickTime, and ‘Delete’ to remove the item from the conversation.

Useful Info about Group iMessaging Details via Messages

These changes to Messages in OS X Yosemite and iOS 8 have certainly made conference messaging much more flexible and easier.

I do like the ability to use the group details to start a new individual phone call, chat, or FaceTime session. The ability to add or remove participants and then carry on the chat without having to create a new chat is great, plus the location feature is a nice way to see where people are if you then want to come together and meet up in person.

If I had to give any negative feedback about this feature, it would be that as great as it is that you can leave a conversation, you cannot rejoin it later. You have to create a new conversation and add in the same participants.

Well, that’s all for now!

I hope you have found this blog and the rest of the current series useful. Even though most of these ones are not technically ‘hidden’, they are not always easy to understand or discover and I felt they therefore needed some attention.

Again, there are plenty more features out there that I have not had the time to get around to posting yet.

Don’t forget, Apple has a good overview of the main new features of OS X Yosemite on their website should you wish to see what else is out there.

Read parts 1, 2, and 3 in this series.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

These features were tested using OS X Yosemite v10.10.2 and iOS v8.2 which were the latest Mac OS and iOS releases at the time of writing.

The Amsys Certification for iOS Developers is here

ios certification training uk
Amsys Training continually looks at how we can provide continued support and professional development for our students, by providing unrivalled access to course content and trainers with expert knowledge and real world experience.

To complement our iOS App Development training programme, we have extended our offering by launching a comprehensive iOS certification programme.

As the first training provider to offer students a complete iOS Development learning pathway, these new certifications set an industry benchmark as well as helping developers verify their skill set.

“Our new certification programme will enable developers to distinguish themselves from industry peers as well as providing potential employers with an easy way to identify talented iOS developers and discover the best of the best.” Richard Mallion, Amsys CTO

What’s more these exams will be free to all Amsys students for the next six months, when booked with an Amsys iOS App Development training course.

The Certification TracksAmsys Certified Developer (ACD)
All beginner iOS developers are invited to take this certification to verify their app development skills using either Objective-C or Swift to an elementary level. Learn more about the ACD certification here.

Amsys Certified Advanced Developer (ACAD)
Verify your advanced app development skills with the ACAD certification which certifies your skill and understanding on Objective-C or Swift app development to an expert level. Learn more about the ACAD certification here.

Learn more about the Amsys iOS certification training programme now.

Enable Single Sign On Printing in OS X

Hi all.

I’ve been to a fair few of our clients’ sites now that run a managed print server for their network printing needs. Almost every time, the print queues need to be SSO / Kerberised to work with Active Directory accounts. Otherwise the users are asked to provide authentication for these AD accounts every time they print.

This is easy enough to fix from the command line, but what if you have a number of printer queues of which most or even all need to be kerberised?

Enter the Script

For ease of use, we utilise a script at Amsys for a while now. It simply loops through all installed printers, configuring them to use SSO first, and then fall back if this isn’t compatible. This allows home or local printers that may get caught up in the script, to still work fine, even with the setting configured. This would also allow us to potentially leave the script running repeatedly on a schedule (say, once a week or once a month) without any harm.

Well, enough waffling on. Here’s the script we use:

#declare -x BUILD=2011022409
export PATH="/usr/bin:/bin:/usr/sbin:/sbin"
declare -x MYNAME="configureCUPSKerb.sh"
## Executable vars
declare -x awk="/usr/bin/awk"
declare -x grep="/usr/bin/grep"
declare -x logger="/usr/bin/logger"
declare -x lpadmin="/usr/sbin/lpadmin"
declare -x lpstat="/usr/bin/lpstat"
declare -x mkdir="/bin/mkdir"
declare -x perl="/usr/bin/perl"
## Get a list of our SMB printers
declare -x SMBPRINTERS="$("$lpstat" -v | "$grep" smb | "$perl" -p -e 's/device for (.*): smb.*/$1/g')"
	"$lpadmin" -p "$SMBPRINTER" -o auth-info-required=negotiate 


There you go, a nice easy one that hopefully helps people out! As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


After some digging around, I think I found where we originally discovered the script, or at least another copy of it.

Massive thanks to Beau Hunter and JAMF Nation!


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Munki 2: Upgrading Your Munki Repo Content

Hi all. Welcome to the fourth part in my Munki 2 blogs: The on-going guide to get Munki newbies up and running with a basic setup to cut your teeth on!

This blog is designed as an add on to the earlier articles enabling you to take your plain default Munki 1 content and snazz it up to the Munki 2 standard!

My Demo Setup

Just for clarification, my demo setup for these instructions and screenshots is as follows:

Server and Client OS: OS X Yosemite 10.10.1
Server app: 4.0.3
Munki Tools: 2.2

Setting the scene…

So you’ve carried out all of the upgrades and got everything to work, but your repo is looking a little like this:

munki 2 repo setup

And your end users are seeing something like this:

managed software centre munki 2

Kinda sucks right? We can do better than this.

First up…Icons

Let’s start on getting some icons added and working. Well, would you know it, Greg has gifted us another command line too to run to automate this: Iconimporter.

1) Grab a copy from the Munki GitHub page and put it into the directory /usr/local/munki on your administration Mac.

2) Now run this, pointing the tool at your Munki Repo:

/usr/local/munki/iconimporter [path to your munki repo]

munki repo command

3) The tool should now go through all items in your repo, dig out the icons where possible, upload this into the correct directory (./munki_repo/icons/) and configure the pkgsinfo files to use it.

munki repo icons

4) Now what you may notice is that sometimes it finds more than 1 icon you could use. In this event, you’ll need to manually go into the icons directory, chose one of the icons and remove the “_[x]” off the end of the filename.

For Example: I want to use the second Python icon for the Python item. I will rename ./icons/Python_2.png to ./icons/Python.png and Munki will use this.

Now, without bothering to go through and do this for all the installers, my repo immediately looked prettier!

prettier munki repo

And prettier means, much more end-user friendly!

user friendly munki repo

Don’t forget to check out the full documentation for all of the information.

Categories and Developers

Now we’ve added the pretty pictures, how about some organisation? Let’s set a Category and Developer for each item.

I’m afraid at the moment that this is a manual task entailing opening each relevant pkgsinfo file on your repo (./munki_repo/pkgsinfo/) in a plain text editor and adding the values for these items. For example, let’s use the Firefox pkgsinfo file.


firefox pkgsinfo munki 2


firefox pkhsinfo munki after

Don’t forget to run a makecatalogs once you’ve finished:


Editing XML files…I’m not so sure about that

I understand that some people might feel that editing an XML file might be too open to mistakes, and that’s a fair point to make. For these people, I’d recommend two things:

1) Always backup the file before you make your edits. Do not delete this backup until you have confirmed your changes work fine.
2) Why not Zoidberg Munki Admin?

editing xml files munki 2 meme

As I’ve stated in a previous post, Munki Admin can easily set the Developer and Category with a nice GUI interface.

Even better? These values can be set by dragging the item (or items!) to the relevant sections on the left hand side!

munki admin packages


And that’s it, configuring and upgrading to Munki 2 for beginners! How’s that? Got a taste for more Munki? I’d highly recommend four places to go next:

1) Attend the Munki 101 course
2) Munki Wiki / Documentation
3) Munki-Dev Google Group
4) The ##osx-server irc channel

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Revise IT – OS X Support & Server Essentials 10.10 Update

It’s been a big month for our revision app, Revise IT.

Earlier on this month, Revise IT received the Bronze award at the Surrey Digital Awards, with Guitar Coach Magazine by Brand Vision and StaySafe Business by Safe Apps receiving Gold and Silver respectively.

Then on Thursday last week, OS X Support and Server Essentials 10.10 test questions were published on the app. This means you can now test yourself on ACSP and ACTC 10.10 before you take your exams by updating or downloading Revise IT for free today.

support essentials 10.10 revise it


Revise for your 10.10 certifications.

As with 10.8 and 10.9, Revise IT includes the test questions for the following Apple Certifications:

  • OS X Support 10.10 (pass mark 73%)
  • OS X Server 10.10 (pass mark 75%)
  • Mac Integration Basics 10.10 (pass mark 85%)
  • Mac Management Basics 10.10 (pass mark 84%)

Simply choose your desired Apple Certification to test your knowledge. Once you’re confident that you can pass the exam(s), call Amsys or your local Apple Authorised Training Centre to book your exam.

Don’t forget.. you can also tweet @amsysuk to let us know your test scores while you’re revising!

Thank You

And finally… we just wanted to say a big thank you to the Apple Community for their continued support of Revise IT over the last few years!




Download Revise IT for free and start revising for your Apple Certifications today.

Learn to develop apps for the Apple Watch with Amsys

developing apps for apple watch

Since Apple announced the Apple Watch last autumn, developers across the world have had access to the WatchKit beta. During this time, Apple has partnered with a select number of companies such as Nike, Pinterest and even an Australian SuperMarket chain “Woolworths” to develop apps for the Apple Watch before its retail release in April.

The Amsys iOS training team have also been hard at work learning everything there is to know about the Apple Watch and its framework WatchKit.

So what exactly is WatchKit?

WatchKit is the framework and APIs provided by Apple to develop Apple Watch apps using either Swift or Objective-C. At the moment, native apps are not supported. Instead, the Apple Watch app acts as an extension to an iPhone app.

How can I learn to develop apps for the Apple Watch?

To complement our iOS development training programme, the natural next step for Amsys is to add an “Apple Watch Development course” to our schedule. Over the last nine months, our team have been using the betas provided by Apple to discover what works and what doesn’t so that we could create a brand new course.

How does WatchKit differ from the SDK?

In some ways, WatchKit feels very familiar. However, there are no classes that we can use to make use of for the Apple Watch but it involves similar programming principles that we currently use for iOS.

Will it be difficult to learn how to develop apps for the Apple Watch?

Not at all. If you understand iOS programming, then this is a natural extension to that. If you are new to programming, then we have always said that anyone can learn to program. All you need is some time and a good teacher.

What will you be able to develop after attending this course?

You will be able to make use of all the capabilities that WatchKit offers. Like all programming courses, we will teach you the skills then it’s down to you to use your imagination to build a killer app.

How does it differ from the iOS App Development – The Fundamentals Course?

The Amsys “Developing Apps for Apple Watch” course is focused purely on WatchKIt. The training programme is run in the same way to all our iOS development courses; with plenty of hands-on labs so that you get maximum exposure to the code.

What are the pre-requisites to attend this course?

Because Apple Watch apps require the iPhone, you will need to have a basic understanding of iOS programming, not too much, but some exposure would be great. We will be running the course for both Swift and Objective-C, so an understanding of your chosen language is required.

Why should I learn how to develop an app for Apple Watch?

If you already have an iPhone app, it makes sense if you can extend that app to the Apple Watch. Not all apps will be able to do this, but a lot can. As this is a new market, there’ll be a new gold rush so being first to market is an incentive!

How will an Apple Watch app benefit my business?

If you already have an iPhone app, adding the WatchKit component will make your app a more personal experience, which is key in the digital marketing age of today.

Will Amsys be developing an app for Apple Watch?

Stay tuned.

If you would like to learn how to develop apps for the Apple Watch then speak to the Amsys team today call 0208 645 5806 or email training@amsys.co.uk.

National Apprenticeship Week: From Apprentice to Director

Hi all, david-acland

A slightly different blog this time.  As some of you will know, this week it’s National Apprenticeship Week; a governmental initiative celebrating the positive impact that apprenticeships have on businesses and individuals. So I thought I’d share the path that I took with Amsys; from Apprentice to Director.

My Story

Leaving school, I followed in the family tradition and pursued a career in catering.  This took me from college, to a few different bakeries and onto working in a number of London’s restaurants.

Things were progressing but not quite as I would have liked.  I knew that catering wasn’t a long term option for me and that I needed to change.

I thought back to other things that interested me when I was in school and computers came to mind.  I looked at various training options to help me switch career.  Microsoft were of course at the top of their game, so I looked at studying for a MCSE.

Unfortunately, the price was prohibitive and the studying time without an income really put me off.

Looking through the local newspapers (how we looked for jobs in the olden days) I noticed an apprenticeship being offered with a local company called Amsys.  I went for an interview, which I’d have to say could have been better, but luckily was offered the position.

Life as an Amsys Apprentice

I started working on the Summer 2000 iMacs, learning how to replace logic boards, hard drives, CRTs etc and continued to spend the first year learning how to fix each of the Mac models, PowerMac G4s, Cubes and PowerBook G3s.

While concentrating on the day to day work, I kept an eye on my progression.  There were plenty of chances for training on technical topics and other departments of the business including logistics and call control.  As opportunities came up, I offered to step in, moving into workshop management and gaining a bit of an obsession for processes along the way.

Promoted To Apple Certified Trainer

After a few years with Amsys, we won a contract with Apple to provide certified hardware technical training.  Demand was high, and there was a clear opportunity for me, so I jumped at the chance to become a hardware technical trainer.  Of course, it was intimidating initially but I soon realised I knew what I was talking about when it came to fixing Macs.

The Amsys training portfolio grew, and as it did I picked up more and more technical courses to teach, including Mac OS X Support, Mac OS X Server, and finally getting the chance to each the ACSA courses, Deployment, Directory services integration and specialist courses like XSAN Administration.

Developing Amsys Consultancy Department

After five years of training, I was looking for a change.  We were often being asked by training students whether we would go onsite to help out with server setups and installations.  This seemed like a logical path for Amsys to take so we started taking bookings for technical projects.  This was quite a significant change from the comfort zone of the classroom, and I learnt about project management and integration with all the other technical systems out in the world.

Joining The Amsys Board

To help support our installation projects we started to create a service desk operation.  At the same time, I was lucky enough to be offered a position on the Amsys board.  Things continued to develop, growing our support and projects team to become a significant part of the Amsys business.

Things have continued to progress steadily for Amsys and my career.  We’ve grown considerably, and I’ve been presented with some pretty interesting challenges along the way.

“The Apprenticeship is what gave David his “break” and a good foundation for a career. Ultimately David has been extremely successful because he has an unquenchable thirst for knowledge, is never content with the status quo and is constantly trying to improve himself and the processes for which he is responsible.

He is proof that if you are prepared to apply yourself and work hard you will be successful.

The “Amsys Apprenticeship” has launched countless successful careers in the IT industry. Amsys Alumni are now IT Managers, IT Directors, Apple Geniuses, Trainers, Project Managers, Sales Professionals and Entrepreneurs in a wide range of Technology businesses.” Alex Hawes, Amsys MD

If you’re making crucial career choices and think an apprenticeship could be the right path for you, then check out the Government’s apprenticeship website or speak to our team for more information.

Clearing stubborn Print queues

I recently spent a day onsite during half term looking at a set of iMacs that were intermittently pausing their print queues. I used a few different terminal commands to work around the issue so I thought I’d share the findings.

The setup was a classroom of Macs with a single HP A3 colour laser printer. Printing was through a Windows print server using Equitrak print management software.

The Symptom

Intermittently the printer on one of the Macs (it was random as to which one was affected) was paused. Attempting to start the printer was unsuccessful.

I enabled the cups interface in the Terminal on one of the affected Macs with:

cupsctl WebInterface=yes

I then logged on to the web interface: and looked at the printer. The queue had a load of stuck jobs from different users that had logged on.

The workaround

In this case, it had to be a workaround. There is clearly an underlying problem causing the print queue to pause but being half term at this particular site it was a ghost town, and no-one had access to the print server to investigate further.

The paused jobs in the CUPS web interface were not much help, other than to state that they were stuck.

So to work around this problem we wanted a way to clear out any stuck jobs and to restart the queue when a new user logs in. This was achieved with the following script:

	cancel -a - # Clears the stuck jobs in all queues
	cupsenable PRINTER # Restarts the print queue
	exit 0

You would need to replace “PRINTER” with the actual name of the print queue. You can get this by using:

lpstat -p

Given more time it would be worth expanding this script to check if the printer is running and only use cupsenable if needed. It could also specify which queues to clear. But for the requirement I had, this was sufficient.

Next we needed to get the script triggered. There are a bunch of ways to do this (see this podcast if you are wondering about the other options). In this case, I am using a LaunchAgent. This is because:

  • I want the script to run each time a user logs in
  • There was already a login and logout hook that I didn’t want to interfere with

The LaunchAgent was placed in /Library/LaunchAgents and looks like this:

<?xml version="1.0" encoding="UTF-8"?>
	<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
	<plist version="1.0">

With LaunchAgents, it’s important to make sure the permissions and ownership are set correctly. It needs to be owned by root, and the group set to wheel. The permissions also must match the other LaunchAgents that are already in there (i.e. -rw-r—r—). If the permissions are set too restrictively or too promiscuously, they won’t be used.

That’s it; each time a user logs in the queue is cleared and the printer resumed.

Extra Note: Before choosing “cancel -a -” I was testing “lprm -” which appeared to have the same effect. This was failing to run for non-admin users so I switched to the cancel command. Just in case anyone wonders!




While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Munki 2: Upgrading Your Clients and Using Munki Admin

Hi all. Welcome to the third part in my Munki 2 blogs: The on-going guide to get Munki newbies up and running with a basic setup to cut your teeth on!

This blog is designed as an ‘updater’ blog to my previous two Munki blogs: “Munki Configuration Part 4: MunkiAdmin.app and “Munki Configuration Part 5: The client Mac”.

My Demo Setup

Just for clarification, my demo setup for these instructions and screenshots is as follows:

Server and Client OS: OS X Yosemite 10.10.1
Server app: 4.0.3
Munki Tools: 2.2
Example Package: Mozilla Firefox v35.0.1

Upgrading the Client Tools

Nice and easy, simply install the new tools. Version 2 of Munki will happily use the same settings in your preference file.

Just a word of warning, the behaviour of the Launch Daemons for Munki 2 have changed and so if you do not push out the Munki v2 LaunchD installer, you will have unexpected behaviour on your clients (not something you want).

Ah, you may have noticed that this will add an additional requirement onto the upgrade install, your clients devices will need to reboot to complete the install.

Just bear these in mind when upgrading the client installations.

Obtaining the Munki Tools

Here’s a nice little tip. If you’re using AutoPKG (and if you’re running Munki, why not?) then there’s a core AutoPKG recipe for the latest full Munki 2 tool releases that I’d highly recommend using.

New Pretty Application!

As you may notice, the previous “Managed Software Update” application in the Utilities folder has been replaced by a shiny new, ‘Mac App Store’-like “Managed Software Centre” located in the Applications folder.

Open it up and have a look at the new layouts and additional information you can provide, like these screenshots!

Enough Client, what about Munki Admin?

Well, as always, Hannes has been keeping up with the Munki tools developer with his Munki Admin GUI solution for administrating the server. This includes setting icons, Developer and categories!

Double click one of your installer items to access the extra settings on the first tab.

munki admin 2


There you go. As before, I hope it helps someone out and gets you onto the new (and awesome) Munki v2. Tune in for the next part where I’ll discuss upgrading the content of your Munki Repo, with the Munki 2 goodness.

For these blogs, I’d always recommend reading the documentation (as Munki is a powerful tool) over at its new home on GitHub.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Where does Apple Mail & Outlook store your attachments?

Every file that is sent to you by e-mail is then stored in a specific folder.

Why Would I Need To Know Where Attachments Are Stored?

If you have ever opened an attachment from an e-mail, worked on it and pressed “Save” instead of “Save As” the document is saved to this specific location.

The location that Apple Mail saves attachments to is in the Users Library folder. The full file path is the following.

~/Library/Containers/com.apple.mail/Data/Library/Mail Downloads

To access the Library folder, you can use the “Go” menu from the Finder. If you hold the ‘alt’ key while in this menu, you will get the option of the ‘Library’ folder.

apple mail saves attachments

Or you can select the “Go To Folder” option from the “Go” menu.

go to folder apple mail

Once you select the “Go To Folder” option you will get a pop-up with a box to enter the folder locations.

go to folder apple mail

Once entered click the “Go” button, and the finder window will open the folder location. You can then move the file to a location that is easier for you to access e.g., your Desktop or Documents folder.

attachment folders apple mail

Apple Mail creates a new folder for each e-mail and names it with the unique message ID. So you will have to navigate through the folders within this location to find the correct message that the attachment came in on.

Outlook Mail Attachments

The location that Outlooks saves attachments to is in the Users Library folder. The full file path is the following.

~/Library/Caches/TemporaryItems/Outlook Temp

How Do I Access This Folder?

To access the Library folder, you can use the “Go” menu from the Finder. If you hold the ‘alt’ key while in this menu, you will get the option of the ‘Library’ folder.

outlook saves attachments

Or you can select the “Go To Folder” option from the “Go” menu.

go to folder outlook apple

Once you select the “Go To Folder” option you will get a pop up with a box to enter the folder locations.

go to folder outlook

Once entered, click the “Go” button, and the finder window will open the folder location. You can then move the file to a location that is easier for you to access e.g., your Desktop or Documents folder.

OS X Yosemite Hidden Feature Series – Part 3


Continuing on with our series looking at features of OS X Yosemite that aren’t as well known or documented, Part 3 will focus on features in Apple’s Mail client.

Despite the graphical overhaul of OS X Yosemite, Mail as an app seems to function in similar way to how it was in OS X Mavericks and hasn’t experienced the relocating of settings and options as much as some other apps. So there is no real learning required to get to grips with it for existing Mac users.

There are, however, some rather nifty new features thrown in.  As I have mentioned previously, these may not necessarily be ‘hidden’ in the sense that you cannot ‘see’ them, instead the following features may not:

  • Be obvious as to where they are.
  • Be easy to understand on what they do.
  • Be as well documented by Apple.

New Feature 1:  Mail Markup

What is it?

  • Have you ever needed to fill in a form or sign a document that you have received as an email attachment?
  • Received a photo or map as an attachment and want to highlight or comment on it?

Normally, this would entail having to save the attachment, open it in an editing app, whether that be Preview, Photoshop etc, make your changes and save the edited file, then add the newly modified file back as an attachment in an email. Rather long-winded!

Enter ‘Markup’. This handy new feature allows you to annotate an image or PDF attachment easily while staying within the Mail app. How cool!

If you have ever used the ‘Annotate’ feature within the ‘Tools’ menu of Apple’s Preview app, then you will already know everything about this feature as ‘Markup’ is essentially offering you that ‘Annotate’ tool directly within Mail.

Below is a reminder of the Annotate features in Preview:

annotate feature os x preview

You can now sketch, add shapes, text, signatures, lines or arrows directly onto an enclosed image or PDF. Change the font and colours of these too!

Looking at it another way, instead of modifying an attachment that someone else has sent to you before re-sending it back to them. You can now even add an image into a new email, directly apply your annotation to it and then send it, all within Mail without having to modify the item before attaching it!

How does it work?

It is all rather simple. If you have received an email containing the attachment in question, just select to ‘Reply’ or ‘Forward’ the email containing the attachment as normal. If you wish to send someone else an email with an attachment but directly modify it, then again, just add the attachment to the email as normal.

Next, hover your mouse over the attachment and select the ‘down-facing chevron/arrow’ from the far right of the attachment as highlighted below by a red circle (using preview’s annotate features!):
annotating mail attachments

Once you have selected the ‘down-facing chevron/arrow’, select ‘Markup’ from the pull-down menu:

markup yosemite mail

The image or PDF then ‘zooms out’, offering an annotation toolbar at the top so you can now add your notations to the attachment with mouse, trackpad or keyboard!

markup annotations mail yosemite

Let’s now see it in action!

So now we know how to access Markup, what can you do with it?
I will work my way along the options of the annotation toolbar from left to right.


sketch osx yosemiteThe first option is the Sketch tool. With this option, you can use a pen tool so you can perform freehand drawing. Your mouse pointer will change to an ‘ink pen’ icon while you are hovering around the attachment, allowing you to click to select where you wish to start freehand drawing. Use the Shape Style, Border Color and Fill Color options to customise the size and color of your freehand drawing.

In the example below, I used the sketch tool to circle around the location of our Surrey office, the Sketch tool has then offered me some customisation options:

sketch tool yosemite

I can either keep to my ‘rough’ freehand circle, or select below to have it ‘tidied up’ :
tidied circle yosemite

I think the tidied up version is better than my freehand circle!


shapes os x yosemiteThe second option is the Shapes tool. As it implies, this tool can create shapes, but also insert speech bubbles or arrows onto your attachment, and even has a handy ‘highlight’ and ‘zoom’ option too:

shapes os x yosemite mail

I won’t demo all these shape options since most of them are similar and straight forward, but here’s how to create a custom arrow on an attachment:

Step 1: Select the ‘arrow’ option under the Shapes feature to add an arrow with the current Shape Style, Border Color and Fill Color settings.

Step 2: You can drag the arrow around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow). You can also use the ‘blue’ end point handles to change the length of the arrow or change the angle:

using shapes yosemite mail

Step 3: Drag the ‘green’ middle point handle to change the arrow from a straight arrow to a curved arrow:

shapes arrows yosemite mail

Step 4: Use the ‘Shape Style’ option to change the ‘thickness’ of the arrow, make it a dotted arrow or to add and remove the end points of the arrow:shape style option

shape style option expanded

Step 5: You can then use the ‘Border Color’ option  and ‘Fill Color’ option to change the colour of the border or to fill in the arrow with a different colour:

change shapes colour

(Choosing the first color  will allow you to have NO border or fill colour)shapes no fill
Let’s now look at how to add a custom highlight on to the attachment :

Step 1: Select the ‘highlight’ option at the bottom left of the Shapes feature shapes highlight option

Step 2: This should add a highlighted square on your attachment, allowing you to drag the blue resizing handles to select which part of the image you wish to highlight. The image below shows a red arrow pointing to the stations nearest the Amsys Surrey Training Centre and that area of the map is now highlighted too:

highlight attachments yosemite

Highlighting a block is quite nice, but the ‘magnifying glass/zoom’ feature is even nicer. I have re-selected the highlighted area and used the ‘backspace’ key to delete this element and will now add a ‘zoom’ element instead.

shapes magnifying glass

Step 1: Select the ‘magnifying glass/zoom’ option at the bottom right of the Shapes feature.

Step 2: Again, you can drag the zoom element around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow). You can also use the ‘blue’ handle to change the length of the zoom range:

change length zoom

Step 3: Drag the ‘green’ handle to change the amount of zoom required, I have used the green handle to zoom in further on the stations I wanted to highlight:

zoom in further

shape style optionStep 4: You can again use the ‘Shape Style’ option to change the ‘thickness’ of the zoom border, make it dotted or have a shadow.


The ‘Border Color’ option can also be used to change the colour of the border:border colour

add border map mail yosemite

Text text tool icon
The third option is the Text tool. As this implies, this can add a free text box onto your attachment.
Simply click on the Text option to add a free text box and again you can drag the Text box around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow) and also use the ‘blue’ handles to change the length of the Text box:

text overlay

Just like any free text box on a Mac, double-clicking inside the text box allows you to modify the text to be displayed.
With the text box highlighted, you can again use the Shape Style, Border Color and Fill Color options to customise the border thickness, color and background fill color and perhaps create something like this:

text annotation yosemite mail

With Text boxes, you can also use the Text Style option  to also modify the text’s font, color, font size, bold, italic and underlined options as well as alignment within the text box:

text font change

The end result can therefore look like this with change of font, text color with bold and italic added:

text font change result

Let’s combine those 3 elements together. The arrow shape, the zoomed shape and the text box:

combine elements yosemite mail


The fourth option, is the Sign tool. Just click the Sign dropdown arrow and select ‘Create Signature’, you can then select to create a signature with your finger if using a Trackpad, or with the use of your Mac’s camera which can take a photo of your signature on a piece of paper:add signature yosemite mail
adding your signature to email yosemite

When using the camera, it will ask you to sign your name on a piece of white paper and hold it up to the camera:



It will then capture the signature and reverse the image so that it is the right way round as shown below:

sign your name

With both options, simply select Clear to try again or Done to add the signature to your annotations:

add signature

You can now select the captured signature to add it to your attachment:

add signature to email yosemite

Again, you can drag the signature around with your mouse pointer, (a ‘hand’ icon replaces your mouse arrow). You can also use the ‘blue’  handle to change the size of the text box. The ‘Border Color’ option  can also be used to change the color of the signature text should you wish.border colour

Shape Style

The fifth option, is the Shape Style tool. As mentioned during the above steps when looking at adding shapes and text, this is used to change the ‘thickness’ of elements, make them dotted, blurred or shadowed and to add and remove end points to arrows:shape style option

shape style option expanded

Border Color  
The sixth option, is the Border Color tool. This was also mentioned during the above steps when looking at adding shapes and text and can be used to change the colour of any border of elements:

change shapes colour

(Remember that choosing the first colour will allow you to have NO border color)

Fill Color
The seventh option, is the Fill Color tool. I mentioned this during the above steps too when looking at adding shapes and text, this is used to change the ‘Fill’ color of any element, such as the filled in color of a shape or the background color behind text:fill colour apple mail

fill colour palette apple mail

Text Style text style apple mail
Lastly, the final option, is the Text Style tool. Also mentioned during the above steps when looking at adding shapes and text, this is used to modify the text’s font, color, font size, bold, italic and underlined options as well as alignment within the text box:

text font change

Right, I think we’ve finally sorted out the Markup feature in Mail!
So let’s see my end result PDF after using Markup:

final annotated pdf apple mail

This was created using the steps above, but also included using the ‘duplicate’ command (or ‘CMD’ + ‘D’ keys) to duplicate some existing annotate elements I had already created to save recreating them from scratch.

As you can see, by adding a generic London travel map PDF into Mail, I have managed to use the Markup feature to clearly highlight the best stations to travel to when visiting our Soho and Surrey offices. All without having to modify the PDF first before adding to Mail!

Useful Info about Markup

Finally, here’s some useful pieces of info about this Markup feature:

  • Markup Clean Up - As noted whilst i was creating a freehand circle, Mail can automatically ‘clean up’ or smooth out your drawings to make them look nice and tidy.
  • Markup File Formats - As great as this Markup feature is, it currently only works with images/photos and PDF files. So you cannot use Markup to annotate other types of files, for example a spreadsheet created in Numbers or Excel.

The Markup Extension -  Markup is in fact not just for Mail. It is part of the new ‘Extensions’ feature Apple built-in to OS X Yosemite and iOS 8. Extensions allows code from one application to be available inside another application. We have just experienced Apple’s Markup extension allowing me to use the annotation features offered within the Preview application directly within Mail.

So where is this Markup feature actually configured if not in Mail itself?

Well, OS X Yosemite offers a brand new System preference pane called ‘Extensions’ which offers the ability to provide ‘Extensions’ to apps and the Finder. Below you can see that the ‘Markup’ extension is enabled under the ‘Actions’ section to allow editing and viewing content across apps. (Preview to Mail in this example):

mark up extensions yosemite

Extensions, therefore, have the potential to completely change how Mac apps function. Hopefully Apple will incorporate more extensions into the file system and also allow developers to make their own or add to existing ones like Markup. Currently the Markup extension has limited availability, I’m hoping more apps will utilise it soon as it is such a useful tool.

For now, though, Markup has a perfect link between the Preview and Mail apps. So much so that if you have already created signatures using Preview, (Tools menu > Annotate > Signature, or visit this guide for earlier versions of OS X’s Preview app), these will automatically appear in a Markup enclosure in Mail when you select the Sign option! Cool!

New Feature 2:  Mail Drop

What is it?

Put simply, Mail Drop is a new OS X Yosemite feature integrated into the Mail app that lets you send large attachments in Mail without having to worry whether it is too big to send and then having to think about how you can get around email attachment limits if your email server rejects your email.

There are quite a few email systems that put a maximum size limit on email file attachments, meaning you are restricted on what you can attach to your emails.
This leads you into having to think of a way round this like trying to compress the files, crop/reduce the size of images, or even getting as desperate as having to upload your files a cloud-based storage solution and pasting in a link to this in your email.

Enter Mail Drop! With Mail Drop, you can now just drag a large file into a message as normal and click Send. Mail will execute Mail Drop to magically send the large attachment, (whether it be a presentation, video or just a folder of holiday photos) without any worry about size limits!

How does it work?

So, how does Mail Drop get around these email size limits?

As long as you have an iCloud account and are logged into this on your Mac, Mail can send the attachment by uploading the file to a temporary holding area on Apple’s servers where it is encrypted and held ready for download.
Just drag your attachments into an email message, Mail Drop can then take it from there. If the receiver of your email is also using Mail in OS X Yosemite, Mail can download the large file automatically so that they will receive the email with the download attachment as normal, as if it had been attached to the message.

However, If they use an earlier version of Mail, any another email app or even webmail, they will receive your email without the attachment, but the email will contain a link to download any attachments. A link that will remain available for 30 days before being deleted. The recipient will be notified in the email along with the link, the expiration date of the downloadable attachment.

The beauty of Mail Drop is that it costs NOTHING to use and the attachments stored in iCloud do NOT count towards your free 5GB of iCloud Drive storage either!
It doesn’t matter which email service you use either, whether it be iCloud itself or something like Microsoft Exchange, Gmail, Yahoo etc.

If you do have OS X Yosemite and are using Mail but don’t have an iCloud account, or you try to send an email without being logged into your iCloud account, Mail will just ask you whether you want to use Mail Drop or not.

Let’s now see it in action!

So now we know what Mail Drop is, let’s see how we can use it!

Sending the email:

Step 1: First of all, check you are logged into iCloud. Open System Preferences from the Apple menu and select ‘iCloud’. Sign in with your iCloud name and password if not already signed in. Check that iCloud Drive is enabled, then click on the iCloud Drive Options button and check that Mail is selected in the list of apps that store data in iCloud in order to activate Mail Drop:

mail drop yosemite

Step 2: Next, we need to check that Mail Drop is enabled for your email account. Open the Mail app and choose Mail > Preferences, click Accounts, then select your email account, click the Advanced tab, make sure ‘Send large attachments with Mail Drop’ is ticked:

enable mail drop yosemite

You can enable and disable Mail Drop here for each email account. So you can choose which accounts to use Mail Drop with.
If you are using Mail in OS X Yosemite and are logged into an iCloud account, Mail Drop should automatically kick in.

Step 3: Compose a new email message in Mail and drag in a large attachment:

send large files via apple mailStep 4: Mail may display the total message size just below the “From” address. This text should dynamically change to red if attachments go over the approximate limit for third-party email providers. (My above example screenshot used a gmail account). Click to Send the message and you’re done! (Remember that the attachment needs to be sent to Apple for hosting and, therefore, there maybe a waiting period before the email is actually sent).

Remember that the message size limit warning will trigger Mail Drop to create a link to the attachment instead of including the attachment in the email.

So what if you haven’t got an iCloud account or you are not logged in to it? Or perhaps you have disabled Mail Drop for your email account in Mail Preferences? Not to worry, you can still use Mail Drop but you will need to authorise this on sending the email.

Step 1: Compose a new email message in Mail and drag in a large attachment as mentioned above.

Step 2: On clicking Send, you will receive a notification from Mail asking you whether you want to use Mail Drop or not:

send large files apple mail step 2

Receiving the email:
Remember, if the recipient is using Mail in OS X Yosemite, they will receive the attachment within the email as normal. However, other mail client apps will receive the email with links to download any attachment from Apple’s iCloud servers and a notification of the expiry date of the download:

receiving large attachments from apple mail

Useful Info about Mail Drop

Tip! Remember to check that the email was sent before putting your Mac to sleep or shutting it down. If your attachments are large, they may still be uploading to Apple in the background. So check the Activity before closing Mail or putting your Mac to sleep or shutdown. (You can check your Mail Activity by selecting the Window menu in Mail and then selecting Activity). The next time you open Mail, you may find this error caused by you closing down Mail too soon:

useful infor about mail drop

This error can also occur if you have tried to send too many attachments using Mail Drop in a short period of time.

Mail Drop Limitations

Just as I mentioned for Markup, Mail Drop doesn’t suit all situations. Mail Drop may not activate properly even if both sender and receiver have an iCloud account. The reason for this is that Mail Drop is designed to work by using the sender’s file size limits for its trigger, NOT the receiver’s file size limits.

What does this mean?

Well, let’s say that you plan to send a friend a 15MB email, and your file size limit is 40MB. The email size is well within your attachment limit, but your friend’s maximum file size limit is only 10MB. Technically, the email cannot be sent at the current size, as even though it is smaller than your limit, it is larger than your recipient’s limit.

Since Mail Drop will only consider the senders’ file size limit, in this example, Mail Drop will not trigger an issue and, therefore, the email will send with the file received by your friend as a clickable link they can download from iCloud. As the sender, you will receive a reply notification that the recipient is unable to accept a message of this size.

Apple report that Mail Drop can only be used to send files if the email ‘exceeds the maximum size allowed by the provider of the sender’s email account’. In other words, as a sender, you cannot specify a custom file size threshold with which Mail Drop will trigger. So you cannot prevent situations like my example above.

Since Mail Drop is a new feature, we can but hope that in the future Apple releases a custom size control for Mail Drop to allow senders to ensure that their recipients receive attachments without having to receive a download link.

Mail Drop does support sending multiple attachments in the same message though, however the combined total size must be below the 5GB threshold.

In case you try and use Mail Drop but it fails to send, remember to open System Preferences and look at the settings in the iCloud preference pane. Ensure you are logged in correctly to your iCloud account. Check that iCloud Drive is enabled, then click on the iCloud Drive Options button and check that Mail is selected in the list of apps that store data in iCloud in order to activate Mail Drop.

New Feature 3:  Mail HandOff

Mail in OS X Yosemite also works with HandOff, so you can start to write an email on your iPhone or iPad, then switch over to your Mac to finish the email off. Perhaps you want to add a photo or another file to the email that’s stored on your Mac.

Refer to ‘New Feature 3: Handoff’  from Part 1 in this blog series for more info on this feature.

As well as these new features, searching for/within emails, previewing and Gmail & Microsoft Exchange integration seems to be more stable and efficient compared to OS X Mavericks.
Though not new features, it’s worth mentioning these as a benefit of using Mail in OS X Yosemite.

I hope you are enjoying this blog series and finding it useful. Please note though that the features and options I have mentioned are just a collection of the ones that I have discovered and found useful and it’s not a complete feature list.

Apple does has a good overview of the main new features of OS X Yosemite on their website.

Read part 1, and 2.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

These features were tested using OS X Yosemite v10.10.2 and iOS v8.1.3 which were the latest Mac OS and iOS releases at the time of writing.

Understanding the Mac OS X Keychain

Online services, banking, social media, encrypted hard drives, everything wants to know your password before allowing you access.

My list of login credentials is growing slowly and remembering them is not possible anymore. With the advance of the internet and the world of IT becoming so ubiquitous, security policies require stronger and stronger passwords that often need changing.

Well, Apple has the answer to that problem – Keychain.

The Apple Keychain Utility has been around since Mac OS 9. Its deep integration into the system allows us to work without having to enter passwords to access resources. It just makes my life so much easier without sacrificing security. The types of data stored in the Keychain utility is WiFi network passwords, credit card numbers, website passwords, certificates and secure notes.

All keychain data is stored on the hard drive of my computer. I know it is safe because the keychain data itself is an encrypted database. To unlock the keychain, I will need to know my keychain password which is also my login password.

I hope everyone understands the importance of this password. Anyone who knows it and can gain access to your Mac, can unlock your keychain and access all this sensitive data. This is why it has to be a strong one.

Over the years, I have seen people using passwords like “apple”, “password” or even a blank password. Well, you can guess the risk taken by that. So, please, use a stronger one and don’t write it down where people can easily find it.

Where is my data and how do I access it?

The keychain data is stored in ~/Library/Keychains/, /Library/Keychains/, and /Network/Library/Keychains/. The first location is where my personal keychain is stored. To access their data, I need the Keychain Utility located in the Utilities folder in the Applications folder.

I like using spotlight to access the Keychain Utility as it only takes a few keys to get there – click on the spotlight icon in the top right corner and type “keychain”. Spotlight is quick and will predict what you are looking for and get it on top of the search quickly, so you don’t even need to type the whole word. Once you open it, you have access to your Keychain.

Understanding Local Keychain Files

I will briefly explain the purpose of the most important files in these directories.

/Users//Library/Keychains/login.keychain – This keychain is created when your user account in Mac OS X is created and normally has its password synchronised with your login password. It is unlocked at login and locked a logout. This is where most of your passwords will end up in. Its password is changed when you change your login password or using the Keychain Access utility.

/Users//Library/Keychains/ - UUID stands for Unique User ID – This identifier does not match your OS UUID. It is created when the account is created. This is where your iCloud keychain is stored but if the service is not enabled, it will appear as “Local Items” and be renamed to “iCloud” when the service is enabled. The iCloud keychain service allows passwords and other types of data from it to be synchronised with your other Apple devices like you iPad, iPhone or another Mac. The only requirements are that all these devices are using the same Apple ID account, and the OS supports the iCloud keychain service (Mac OS X 10.9 and above, iOS 7.0.3 and above).

/Library/Keychains/System.keychain – The System keychain stores items that are accessed by the OS and shared between user to allow, for example, everyone on the Mac to be able to connect to a WiFi network. Only administrators can change its content.

/Library/Keychains/FileVaultMaster.keychain - This file is created by the system when FileVault encryption service is enabled on your Mac. The OS manages its content.

/System/Library/Keychains/ – This is another location that can store loads of keychain files. Its content is managed by the system and other application. Most of them will not appear in the Keychain Access utility however, all users benefit from it.

iCloud Keychain

A major change to the Keychain was the introduction of the iCloud Keychain. This is my favourite feature because it takes all iOS compatible keychain entries and uploads them securely to your Apple ID account. This not only allows all your compatible devices to be able to access usernames and passwords but keeps them safe in a form of a backup in case of a disaster. I know my data is safe as a 2-step verification process is activated automatically allowing you to set an additional code and SMS verification from another device.

The Keychain Access Utility

The Keychain Utility is located in the Utilities folder in the Applications folder. Your password is not required to open it, however, if you want to view a password of any of its items, you will be prompted for your login password.

When you double click on an entry, the window will display its Attributes and Access Control parameters. These attributes include the name and type of the service, network location or the application the entry is for, your username if one exists and a field for the password which appears blank until the “Show password:” box is ticked, and you authenticate. The Access control tab will show you what is allowed access to that specific entry with a few adjustments available.

os x keychain yosemite


There may be times when the keychain gets corrupted, and you cannot access your data. Fortunately, the Keychain Access application has a built-in repair tool called Keychain First Aid that can be accessed from the Keychain Access menu. The tool requires your keychain password to allow you to verify and rebuild it and will only work on keychains you own as a user.

So, what do you think? Feeling a bit more comfortable with the idea of trusting machines with your passwords over your notepad? I certainly do myself.

Creating Config Profiles instead of a First Boot Script


As a follow up to my first boot script blog, I wanted to spend a bit more time with configuration profiles to see if they could be used to replace some or all of it.

It has become increasingly apparent that Apple is in favour of managing settings via configuration profiles and the MDM system so we thought it was time to modernize the techniques we are using. In addition to this, while we have used a first boot script for quite a few of the recent OS versions which have worked great, with 10.9 and now 10.10 there were a few things that have been bugging us:

  • Having to work around preference caching.
  • Write lots of data into existing user homes and the system user template folder.

Preference Caching

Preference caching broke quite a few scripts people were using to configure OS X settings.  Traditionally, OS X and most applications use XML files stored in specific locations (Library/Preferences folders) in the root of the hard drive, the System folder and each users home folders.  You could use various methods to write data into these files, or even replace the files to affect the associated settings. 

Although introduced earlier, certainly since 10.9 the operating system started caching the information stored in these XML files.  If you edit the files directly, the change you made often gets replaced with the cached version.  Ben Toms has a great article on preference caching that explains it in more detail here.

There are commands like “defaults” that are preference caching aware which is good for one line key/value pair edits and entries. For more complex plists you can use Python, which is using CFPreferences, so would also work.  Some of the other commands like plistbuddy require you to kill cfprefsd before making changes, unless you’re editing files on a non-booted volume.

Configuration Profiles are also able to work with preference caching and apply as soon as they are deployed to the target device and so are the main focus for this blog.

Writing data into user homes and the system template

The second reason for wanting to use profiles is to avoid writing data into user home libraries and the System user template.  These methods generally avoid preference caching as they aren’t actually in use (although this isn’t guaranteed).  

The System folder has always been considered Apple’s domain so anything we put in there has the risk of being wiped out with an OS or other system related update.  To change the settings for existing user home folders, we had to use a loop in the script that contained the necessary commands to insert the key/value pairs.  This also worked, but is quite complex.

What Settings Could We Switch To Config Profiles?

The first boot script we use has quite a lot of different jobs to do so the first task was to list them out and investigate whether they could be switched to configuration profiles.  The below table lists each task and whether a config profile worked.

Task Profile? Notes
Creating a local admin account No Not possible with a profile, but can use the new 10.10 tool sysadminctl
Setting time zone and time server No The time zone and NTP server addresses are stored in /etc/localtime and /etc/ntp.conf respectively.  These are traditional UNIX Config files and can’t be manipulated with profiles.  Luckily the systemsetup command makes the process nice and simple.
Region, keyboard and language Yes Keys set in the com.apple.HIToolbox.plist and .GlobalPreferences.plist files.
Apple Remote Desktop No Similar to setting the time zone and server, there is a purpose built binary that can achieve this so no need to switch it to a profile
Enabling SSH access No Same as above, the purpose built command line binary works best
Setting up the Login Window Yes Keys set in com.apple.loginwindow.plist
Disable iCloud Setup at login Yes Keys set in com.apple.SetupAssistant.plist
Disable diagnostics at login No The plist file is stored in a non-standard location (/Library/Application Support) so profiles aren’t any use.
Disable Time Machine Popups Offering for New Disks Yes Keys set in com.apple.TimeMachine.plist
Turn off Gatekeeper Yes Available in the GUI configuration profile settings
Turn on right-click Yes Keys set in a bunch of mouse and trackpad plists (more details below)
Turn off restore windows Yes Key set in .GlobalPreferences
Stop writing .DS_Store files on the network Yes Key set in .GlobalPreferences
Set the Users Homepage Yes Key set in com.apple.Safari.plist

Creating a config profile

There are two main options for creating configuration profiles, either in a graphical interface, or by creating custom XML files. Some of the tasks above require the use of custom config profiles. These are used to set XML keys that are not available in the standard GUI options.

The core part we are interested in can be shown in this example snippet from the com.apple.TimeMachine.plist profile:


The Easy Ones

There were a few preference settings that could be replaced with simple checkboxes and dropdown menus. These were:

Some of the login window options

Although there are custom settings we have been adding into the login window preference file, the majority of the options can be set in the GUI:

custom settings config profiles

custom settings config profiles options

Security & Privacy

We would normally set the Gatekeeper options using

spctl --master-disable

but this can be set in the GUI as below:

security and privacy config profiles

Custom Settings

There are a few ways you can create custom configuration profiles.

Upload the plist file directly

Depending on the MDM system, in some cases you can simply upload the configured preference file. To get the preference file setup, I would normally recommend using a cleanly installed version of OS X and removing any keys that you don’t want. So if I wanted to set a few keys in the com.apple.TimeMachine.plist file, I would use the terminal to add the necessary keys such as:

/usr/bin/defaults write /Library/Preferences/com.apple.TimeMachine DoNotOfferNewDisksForBackup -bool true

Then I would take a copy of the preference file so I can amend it:

mv /Library/Preferences/com.apple.TimeMachine.plist /Users/dave/Desktop/

Then we need to convert it from binary to xml so we can edit it:

plutil -convert xml1 /Users/dave/Desktop/com.apple.TimeMachine.plist

Once you have an xml version of the file you can open it in a text editor and remove any keys you don’t need in your profile.

This edited preference file can then be uploaded into your MDM.

Convert to a Configuration Profile first

The second option is to convert the preference file into a configuration profile. This will allow you to deploy the setting using a large range of tools including an MDM server, Munki (since version 2.2) or using the profiles command in the Terminal.

It is possible to create a mobileconfig file directly in a text editor. There are a bunch of profile specific xml keys such as:


Note - not a full list of mobileconfig keys

and the core


that contains the management settings.

Luckily, Tim Sutton has created a very handy script called mcxtoprofile.py (available here). This script allows you to (amongst other things) specify a plist file as the input and have it create the mobileconfig file for you. Here’s an example command:

mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup

By default, configuration profiles lock the settings they are managing. In lots of cases, this works fine but in some cases, particularly when you start dealing with custom profiles and third party applications, locking the settings will either cause the managed setting to be ignored, or make the application crash.

To get around this, you need to change the default profile behavior so the setting is set, but unlocked so the corresponding application can change it if it needs to. You can do this per preference file in the profile with one of the following keys:

Always –


– This will lock the setting (default behavior)

Often –


– This will set the key initially and then reset it each time a user logs in (if they change it)

Once - Combining the




set to the current NSdate will allow the setting just to be set once. This is useful if you want to set up the users environment a certain way for their first login, but allow them to change it afterwards.


mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup --manage Always


mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup --manage Often


mcxToProfile.py --plist com.apple.TimeMachine.plist --identifier DoNotOfferNewDisksForBackup --manage Once

Final First Boot Script

As I mentioned at the start, there are a few settings that couldn’t be set with config profiles, or were so easy to do with a terminal command it wasn’t worth switching across.

In these cases, we kept the first boot script code. You could turn these into a series of payload free packages, or if you are using Casper, add them to individual policies to be triggered as required.

Below is the script we ended up with:

# Requires 10.10 or higher.
# Create a local admin user account
sysadminctl -addUser localadmin -fullName "Local Admin" -UID 499 -password "apassword" -home /var/localadmin -admin
# Set the time zone to London
/usr/sbin/systemsetup -settimezone "Europe/London"
# Enable network time servers
/usr/sbin/systemsetup -setusingnetworktime on
# Configure a specific NTP server
/usr/sbin/systemsetup -setnetworktimeserver "ntp.amsys.co.uk"
# Switch on Apple Remote Desktop
$ARD -configure -activate
# Configure ARD access for the localadmin user
$ARD -configure -access -on
$ARD -configure -allowAccessFor -specifiedUsers
$ARD -configure -access -on -users localadmin -privs -all
# Enable SSH
systemsetup -setremotelogin on
exit 0


So now we have the config profiles in our MDM. When a device enrolls it falls into the necessary groups and configures its settings based on the XML information.

If anyone wants to grab a copy of our completed mobileconfig files and the amended first boot script, you can get them on our github page here.

Apple is clearly pushing profiles as the primary settings management method so its worth spending some time with config profiles and seeing what you can switch over to them.

Quick Tip: How to open System Preferences quickly

If like me you regularly access System Preferences to change settings then the following tip may help you open System Preferences quicker.system preferences osx

Open System Preferences using Keyboard Shortcuts:

On your keyboard use ALT + F2, which opens up the Display system pane. Then use CMD + L, which will change from the Display system pane to the main System Preferences.

Open System Preferences using Spotlight:

On your keyboard use CMD + SPACE to display the Spotlight search (top-right menubar) where you can simply type the keyword sys which should then display and select System Preferences, and then hit the RETURN key to open.

How to delete Keychains at logout

keychain logoutI’ve been asked quite a few times whether it’s possible to disable the Keychain functionality in OS X. This is a fairly critical part of the OS, so the short answer is no, but there are some workarounds that suit certain environments, particularly deleting the Keychain at logout.

Why would you want to do this?

For anyone new to the topic, the Keychain is a feature introduced years ago by Apple to securely store users’ passwords and to make them available to other applications. The functionality was built-in to a load of OS X features and apps like Mail, Safari and the Finder.

Apple also made APIs available to developers so they can integrate the Keychain into their apps. So if a developer needs a user to authenticate to use their app, they can store and retrieve credentials from the user’s Keychain.

So while this all sounds good, there are a few situations where the Keychain can get in the way. The most common issue is when password policies are being used to force users to change their passwords on a regular basis.

If they have been storing the password in their Keychain for things like file servers and email, and then change the password to something else, they will get Keychain errors, or worse, locked out from some applications as OS X tries to send the old (incorrect) password to the service.

Another problem is when users reset their password outside of OS X. This happens a lot in schools as students forget their passwords and have to have them reset in AD.

When the student logs back into a Mac that has a local copy of their Keychain the passwords won’t match, presenting them with an error. This is even more likely if the Macs are in shared classroom / lab setups. The users will be leaving a breadcrumb trail of local Keychain files making the problem much worse if their password is reset.

Deleting the Keychain at logout

A popular way to avoid this issue is to delete the Keychain at log out. When a user logs in, if no Keychain file is present in ~/Library/Keychains, the OS will create one based on the user’s current password. This means that all you have to worry about is deleting the old one before that point.

The script:

	rm -Rf /Users/$USER/Library/Keychains/*
	exit 0

This script will simply delete anything in the user’s ~/Library/Keychains folder, forcing the OS to create a new one next time they login.

To create it, use a “coding” text editor (Sublime Text, TextWrangler, BBEdit, Fraise, etc.) and add the code above. Save it with a .sh extension in a location accessible by all user accounts, and make sure it is executable.

We normally recommend making a new folder in /Library with the company name to store these types of things. If this were for Amsys, I would use the two following steps to create the folder and set the necessary permissions:

  1. In the Terminal, type “sudo mkdir /Library/Amsys”
  2. Copy the script you created into the folder
  3. In the Terminal type “sudo chown -R root:wheel /Library/Amsys”
  4. In the Terminal type “sudo chmod -R 755 /Library/Amsys”

All the above commands will need to be run as an admin user.

Getting the script to run

Once all this is in place you need to get the script to run each time a user logs out. To do this, you can add a new Logout Hook:

In the Terminal, type:

sudo defaults write com.apple.loginwindow LogoutHook /Library/Amsys/name_of_script.sh

You just need to adjust the path based on your company folder name and change “name_of_script.sh” to whatever you called the script when you saved it.

A note about Logout Hooks

When you use the defaults command to add a login or logout hook to trigger scripts, you are adding XML entries into the com.apple.loginwindow.plist file. This functionality has been deprecated by Apple, meaning it may be taken away in a future release of OS X. This is fine for login hooks as we have LaunchDaemons to replace them. It does, however, present a bit of a problem for logout hooks as there is no equivalent replacement.

There have been a few creative alternatives popping up on the Internet, but Apple has not indicated any plans to replace the functionality. So while it will work for now, this is worth taking into account when choosing to setup logout hooks.

Munki 2: What’s New in Munki 2.1 and 2.2

Hi all. Well, since we published my intro to Munki 2 blog, Greg has continued his forward march and released two full versions since!munki2

This blog will give a rough overview of the shiny new features in these releases!

So, Munki 2.1?

Munki 2.1 was released on 16th December 2014 with 2 main new features (excluding localisation work):

  • Replacing the use of ‘curl’ for the munki repo communications with Apple’s NSURLConnection.
    • This works around an issue with Mavericks and the use of Client SSL certificates to authenticate against the Munki repo. I saw this issue first hand and the workarounds typically involved installing custom versions of the command line tool Curl. Not ideal with you’re trying to use as little custom items as possible, like Munki is.
    • Full support for the deployment and installation of Adobe Creative Cloud Packager installers.
      • These are the product of Adobe’s Enterprise packaging tool and can be temperamental when used in deployments (not just with Munki). This update adds full support for them into Munki.

And Munki 2.2?

Munki 2.2 was released on 27th January 2015 with one huge new feature:

  • Munki now can accept, push out and install Configuration Profiles without wrapping them in installers or scripts.
    • This allows the pushing out of (computer level) profiles through the Munki system without requiring a system to wrap the profiles, or to check if they need to be installed (with custom install check scripts).
    • Additionally, Munki now creates and uses hash keys for the icons of packages, thereby only downloading the new icons when needed.
      • This should cut down on your network traffic relating to grabbing the icon files, which can only be a good thing!


There you go, two fairly major updates out in a matter of months. Has anyone tried the new updated versions? Any interesting stories? How about any cool new Munki tricks you’ve learnt? Let us know below and I’ll try to respond to and delve into as many as I can.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.


Amsys open 2nd location in Soho, London

amsys poland street

For the last five years, our London office has been based on Berwick Street in Soho. Here our expert team of Apple Certified Trainers and Technicians have been providing a range of Apple Authorised services to businesses based in London.

In response to increasing demand for our “walk-in-Mac repair” services, support and iOS Development training, we opened our second location in London last week.

This new location, which can be found on 44 Poland Street, will act as our Apple Services and Support Centre, just a short 4-minute walk from the Apple Store on Regent Street. Meanwhile, the Berwick Street location will operate as our Mac OS X & iOS Training centre.

What can you expect from Amsys’ New Apple Service & Support Centre?

Tech Bar & Walk in Apple Repair Services

Business users and Apple fans alike can pop into our new Apple Service & Support Centre to have your Apple devices serviced, fixed or replaced. You do not need an appointment to guarantee a repair, simply walk in and grab a seat at the sleek tech bar to have a chat with our team.

We are one of the UK’s largest Apple Authorised Service Providers and, as such, can repair and replace all in and out of warranty Apple devices including, iMacs, MacBooks, iPads, iPods and Apple TVs.

All repairs are performed onsite in our new state of the art, Apple Certified, workshop, with a typical turnaround time of 3-5 working days for each service.

Apple Authorised Training

To support increasing demand for Apple Certified, Advanced and iOS training courses we have also added an extra training room, to complement our two other classrooms on Berwick Street. Training will take place in state of the art conditions, using the latest Apple Tech, led by our Apple Master IT Trainers and/or experienced iOS Development Trainers.

Dedicated Service Desk

Recent rapid growth has led to the opening of Amsys’ second dedicated service desk facility at the new premises, enabling our Apple Certified techs to visit Amsys’ London based clients as and when needed. Here, our team of fully certified consultants and technicians will provide Apple support, consultancy and associated services to London’s businesses, schools, and universities.

Comment from Alex Hawes, our MD

“Opening a second location in Soho, London has been the natural next step for Amsys as growth accelerates across our six divisions. With five locations across the UK, we have securely positioned Amsys as the market leading technical partner for organisations that rely on Apple devices and third party tools. The future certainly looks bright, with plans to employ more techs and to release a range of innovative solutions. ”

For more information about our Apple services, events and much more, please subscribe to our blog or email info@amsys.co.uk.

Mac Myriad Podcast #1

mac myriad south africaMac Myriad (formerly known as Mac Tech SA), founded by Apple Trainer, Lee Balsdon, is a user group for Mac admins, techs and Apple fans in Cape Town, South Africa. The community has been running for just over year, providing a variety of monthly events for Apple Professionals.

Last week, Lee launched their first podcast to chat to international and local Apple experts about all things that matter in the world of Mac and iOS.

We were honoured to be invited to take part in their debut show, alongside Charles Edge (Bushel, Krypted.com)  and Karen Hart (Picster Books) for an entertaining discussion about all things Apple!

Listen to the podcast to hear:

Charles Edge talk about Bushel; the Amsys team chat about the history and future of Revise IT, and Karen’s inspiring iDeaf Project.


  • Thunderstrike
  • Favourite Apps
  • Apple’s Quarterly Earnings

and much more!

Subscribe to the podcast on iTunes or listen on Soundcloud now.

Munki 2: Upgrading Your Munki Repo and Administration Mac

Hi all. Welcome to the second part in my Munki 2 blogs: The on-going guide to get Munki newbies up and running with a basic setup to cut your teeth on!

This blog is designed as an ‘updater’ blog to my previous two Munki blogs: “Configuring Munki for a Mac Server” and “Munki Configuration Part 2: Admin Mac”.

Also, I realised in my intro blog, I used the term ‘Munki Server’ for the Munki Repo and I got a little stick about it. Rather then argue semantics, please assume that if I use the terms ‘Munki Server’ or ‘Munki Repo’ I’m referring the same thing, specifically the server that hosts all the Munki data you are serving to your clients.

My Demo Setup

Just for clarification, my demo setup for these instructions and screenshots is as follows:

Server and Client OS: OS X Yosemite 10.10.1
Server app: 4.0.3
Munki Tools: 2.2
Example Package: Mozilla Firefox v35.0.1

Repo-side Upgrade

To be honest, there’s only one repo server-side change for a generic setup and that’s the inclusion of an ‘icons’ folder at the root of the Repo.

repo side upgrade munki

Now this folder will be created on demand when you first use the updated munkiimport tool to upload a package and create an icon for it. You could create this manually (say if you don’t have permissions to create new directories at the munki_repo root), just ensure it has the same permissions as the other directories, for example the pkgsinfo directory.

Administration Mac Upgrade

For your administration Mac, run the updated Munki 2 installer. As mentioned on the previous ‘part 2′ blog on step 7, if this Mac will not be running Munki client, simply use the ‘Customize’ option to deselect the “Managed Software Centre” and “Munki launchd agents” whilst running the installation.

administration mac upgrade

Munkiimport Updated!

With the new options, some changes were made to the Munkiimport command line tool to simply take advantage of these. This is in the form of three new (optional) questions asked when importing an item:

  • Category
    • Allowing you to manually specify the Category you’d like to have item displayed under. The most benefit would be seen if this item is an optional install.
    • Simply enter the desired Category and it’ll be added to the pkgsinfo file for the item.

munkiimport updated

  • Developer
    • Allowing you to manually specify the Developer you’d like to have item displayed under. Again, the most benefit would be seen if this item is an optional install.
    • Simply enter the desired Developer name and it’ll be added to the pkgsinfo file for the item.

munki developer

  • Icon
    • Icon is a little different from the other two. Munkiimport will first check if the Icon already exists matching the name of the Item. If not, it’ll offer to try and extract one. This generally only works for DMG or standard Apple pkg installers.
    • If a suitable Icon is found, it’ll upload the icon into the ‘icons’ directory on the munki_repo (creating the directory if not present), with the ‘[item name].png’ as the filename.
    • Finally, if successfully, it’ll add the path to the icon into the pkgsinfo file.
    • The icon will be shown next to the item in the new Managed Software Centre client application.


munki icon

Final Result

Following on from the above, I added Firefox to the optional installs on my test Mac and this is how it looked in the new client application:

add firefox options installs munki


There you go. As always, I hope it helps someone out and gets you onto the new (and awesome) Munki v2. Tune in for the next part where I’ll discuss upgrading the Munki Clients.

For these blogs, I’d always recommend reading the documentation (as Munki is a powerful tool) over at its new home on GitHub.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

Note: Regarding Running a HTTP Munki Repo on OS X Yosemite Server

One little thing I did find that has changed with using the web service on OS X Yosemite Server is, by default, all HTTP requests are redirected to HTTPS. In a normal Web Server configuration, this is exactly what you want, with all communication between the Web Server and the Web Client being encrypted.

However, if you’re running a Munki Repo on HTTP and haven’t (yet!) got round to configuring HTTPS it will stop Munki clients from reaching your repo. Don’t worry, this is purely a tick box in the server app and can be disabled by:

  1. Launch the Server.app and navigate to the “Web” service.
  2. Find your default website and double click it.

Read Munki 2: An Introduction Here.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Deploy a Firefox CCK2 package with Munki

Hi Munki / Firefox admin!

I’ve been known to use both JAMF’s Casper suite and Munki, situation dependent, but recently all of my Firefox CCK2 posts have been geared for Casper admins. Time to give some love to Munki in this area!

This blog assumes you have packaged the autoconfig files that CCK2 outputs and are ready to deploy them. It also assumes you have already got Firefox installed in your Munki Repo, either manually or via AutoPKG.

I have written the details using Munki Admin to take advantage of the easier GUI to show what’s happening. If you’d rather use the command line tools and edit the pkginfo files directly (and why not?) or you administrate your Munki setup without using Munki Admin, you should be able to take what I’ve written and easily translate it over to manually editing with the appropriate tools.

As always, this is how I have resolved the challenge I was faced with. I don’t make any promises that it’s the best way and I’m very open to hearing others’ opinions!

Package Info for your CCK2 package

1. Nice and simple. Import your CCK2 installer package into Munki, either using ‘munkiimport’ or Munki Admin. If you’ve used ‘munkiimport’, open up Munki Admin.

2. Find your newly added installer, and double click it to view and edit the pkginfo file.

3. (Personal Preference but) I would suggest ticking the ‘unattended install’ so that this ‘restrictions’ profile can be installed without alerting the user. The user will still be alerted if there are any installs / updates that are available that do not have ‘unattended install’ ticked.

4. Go to the “Requirements” tab. Add your ‘Firefox’ installer into the “Update for” section.
This will mean that you don’t need to add the CCK2 installer to a manifest and it will install after the Firefox installation (and not be replaced!)

editing firefox 35 cck2 installer

5. Click “OK” and then run ‘Save’/’Make’ to save the changes to the appropriate files.

6. This should now deploy fine.

What if this CCK2 installer is for a specific version of Firefox?

Ah, so you’ve read my previous blog about Mozilla changing the location of the CCK2 files between versions of Firefox? In this case, you’ll have a little more work to do. Once you’ve completed the above steps:

1. Navigate to your Munki Repo and find the pkginfo directory.

2. Open the pkginfo file for the CCK2 installer package in your favourite script-editing app (avoid word processes, such as Microsoft Word, and TextEdit as these can screw up the formatting of these files, thereby making them unusable).

3. Find the “update_for” key, and change this from “Firefox” to the full name of the pkginfo file (without the .plist) for the version of Firefox that this CCK2 installer is for.
e.g. To set my pkginfo to be for my Firefox-35.0.0.plist I will modify the CCK2 pkginfo from:

modifying firefox 35


modifying firefox 35

4. Save the file, and run the ‘make’ from Munki Admin, or the below command in terminal:


5. This should now only install the update, if the Mac is detected as having Firefox v35.0 installed (as detected by your Firefox-35.0 pkginfo).

Installation Detection

Now you will find you experience at least one (likely both) of the below scenarios:

  • If a user was to replace the entire Firefox application, or manually remove the CCK2 files, they will be able to remove the restrictions, and Munki won’t know to reinstall them
  • Munki will not be able to detect the installation of the CCK2 package and so will ask to update it at every Munki run.

More information for this can be found on the Munki site, however; it boils down to telling Munki (via the pkginfo file) what items correspond as the installer being ‘installed’.

This can be achieved through either an Installs Item/Array or an Install Check Script.

Please Note: Munki works through a priority list to determine which method to use to detect if an install is required. Regardless of the success or failure of the detection, it will stop when it finds the required information in the pkginfo, e.g. If you provide an Installs Array and an Install Check Script, it will only use the Install Check Script and will not failover to the Installs Array. The priority order is:

1st - Install Check Script
2nd - Installs Array / Items
3rd - Receipts

Installs Array

The first method I’ll show you is the Installs Array method. Again, as mentioned above, I’ll show you the Munki Admin method to try to make it as easy to follow as possible. Those who are happy to edit the pkginfo files, please feel free to do so! It would also help to know the actual files and directories that are being deployed.

1. Run the CCK2 installer package on a test device.

2. Install and Configure access to the Munki Repo from this device. Launch the Munki Admin application.

3. As before, find the CCK2 installer package, and double click it to view / edit the pkginfo data.

4. Navigate to the “Contents” tab. The top box is where the Installs Items are listed.

5. Open a Finder window and one by one drag in the files that the CCK2 installer deploys.

6. My example ended up as this:

editing firefox 35 munki

7. Click “OK” and then run ‘Save’/'Make’ to save the changes. This should now correctly detect when the package has been correctly installed and also reinstall should any of these files be missing (for example, should a user replace the Firefox application).

8. The relevant area of my final pkginfo file looked like this:

final pkg info file firefox munki
Install Check Script

So you didn’t like the Installs Array method? Or maybe you are intrigued as to other ways you could maybe carry out an amazing “Stupid Munki Trick” (https://github.com/munki/munki/wiki/What%20Are%20Stupid%20Munki%20Tricks)? In that case follow on. If not, please skip this bit.

1. Launch Munki Admin and access the CCK2 Installer pkginfo as mentioned above.

2. Go to the last “Install Check Scripts” tab. Check the left hand tick box and use the large left hand text window to write your script. The general rules are:
a. Any language that the Mac Supports, Munki will also support.
b. Most Importantly: An exit code of 0 means the item needs to be installed. Anything else means the item does not need to be installed.

3. For this example, I’ll cheat and use my CCK2 Casper Extension Attribute script to cut corners.

cck2 casper extension attributes script

4. I’ve changed line 36 to be “exit 0″ as this is when the CCK2 items will need to be reinstalled.

5. I’ve also changed line 39 to be “exit 1″ as this is when the CCK2 items have been detected as being installed.

6. As before, click “OK” and then run ‘Save’/'Make’ to save the changes


There you go. As always, I hope it helps someone out and saves you some time as well as give you more ideas for how to work with your Munki solutions.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

What will you do when your Macs aren’t covered by Warranty?

Macs play an increasingly important role in Enterprise and Education markets; and, therefore, it is important that your Mac hardware is protected against faults, damage and inevitable wear and tear.

Protecting your device(s) warranty

Apple have put in place a number of key requirements to ensure that your Mac gets the highest level of service and its hardware’s warranty is not invalidated when you send it in for a service, repair or upgrade. These include:

  • Only allowing Apple authorised parts to be sourced.
  • Only allowing Apple Authorised repair centres to fit the parts.
  • Tough regulation on the environment the repair is carried out in and processes the repair must follow.

Failure to meet these can invalidate the warranty.

Scales of Apple Warranty

For the first year of an Apple device’s life, Apple provides 1 year warranty that covers all parts and labour.

You can also choose to take out the “Apple Care Protection” (APP) plan, which covers your Mac hardware for the subsequent 2 years.

However, as your Mac enters their 3rd year of usage or are over 1 year old, without APP, this presents many companies with a very difficult decision:

Do you:

a)  Refresh your entire Mac fleet with new devices.

b)  Continue to use the devices but risk potentially hefty repair bills over the next few years?

As experienced tech users, we all know that Murphy’s Law hates gadgets!

Typically, Murphy’s Law tends to kick in the day after your warranty runs out and your cat decides to knock your MacBook off the table… or worse.

Amsys Alternative

Amsys offer organisations with a large Mac fleet another option. Devices over 3+ years old (or over one year without an extended warranty) can be enrolled in our “Break / Fix Contract.”

From as little as £105 per year, this hardware contract covers:

  • All parts,
  • All labour,
  • All carriage,
  • All diagnostics,
  • Priority repair service.

If you want to find out how you can continue to insure your Apple Devices, without having to renew your entire fleet, or pay for Out of Warranty repairs; then please contact me (Henry Capper), email henryc@amsys.co.uk or call 0208 660 9999.



Download all of the GarageBand / Logic Pro X Content Loops for deployment

Back in November, I had a conversation over Twitter with @TechGrlTweeter about how to capture and deploy the GarageBand loop installers. Now some Mac admins prefer to use network packet capture tools such as “Charles Web Proxy” however the method I suggested uses no additional applications and requires a lower technical skill level to do.

Content Loops?

Ok I may not have started clear enough. A little ago, Apple stopped shipping iLife suite installers for GarageBand, iWeb, iDVD, iPhoto and iMovie and instead utilised the Mac App Store for these products, as well as for Logic Pro X. To minimise the download size of GarageBand and Logic Pro X Applications, the content / music loops were separated.

When these Applications are first launched, they try to download and install the content, with this totally over 10s of GBs of data (especially for Logic)! Additionally, Apple will occasionally release new content packages, which are then downloaded the next time the Application is launched.

In environments that manage their Mac devices (particularly Education departments) they will need to deploy these additional content packages with GarageBand and Logic Pro, otherwise users face a lengthy wait on first launch. Not an ideal user experience!

The question is how to catch and include these content packages. With a monolithic image, this is simple as the loops can be downloaded and included in the image. With a modular image, or if Apple release an updated content package, you need to use another technique.

Capturing all of the Content Packages

In the examples, I have used a fresh version of Mavericks 10.9.5 and an un-launched copy of GarageBand, but the process is almost identical for Logic Pro X and for when Apple releases an additional content package.

1. Launch GarageBand or Logic Pro X. You should either be prompted to download the new content or it will start automatically.

capturing content packages garage band

2. This will take some time, especially with Logic. Go make a cup of tea / coffee and generally leave the Mac to one side. Dependant on the size and number of content packages, and the speed of your connection, it may even be advisable to leave it running overnight.

downloading installing garage band

3. Eventually the progress message under the loading bar will change from an ETA to “Installing…” and an authentication window will appear asking for administration details. DO NOT FILL THIS IN AND DO NOT CLOSE THIS WINDOW!

installing garage band

4. Move the authentication window and the GarageBand / Logic Pro window to one side and go to your Finder application.
5. In Finder, select “Go” then “Go to Folder…”

authenticate garage band

6. In the box that appears, type “/var/folders/” and click “Go”. This path is case sensitive but you can use tab-completion to fill it in.

var folders garage band

7. You will see any number of folders here, all with seemingly random two letter names. We need to organise these by size, which by default you won’t have enabled.

8. In the Finder, click “View” then “Show View Options”.

view options garage band

9. The View Options will now appear. Tick the “Calculate all sizes” check box. To avoid having to do this at each level, I suggest clicking the “Use as Default” button.

calculate all sizes

10. Once we’ve got the views sorted, we are going to need to drill down via the largest directory sizes to find what we’re after. I’ll show you what I had in my example but it will be very unlikely your directories will be named the same so you may need to go solo through this step.

a. My first level was “lq”.

directories garage band lq

b. My next one was “fwf625f54h52zc0vm3htj1yc0000gn”

directories garage band fw

c. Next I had just “C”

directories garage band c

d. Now this is where we should all be in the same location! Find “com.apple.garageband10″ (or “com.apple.logicpro…” if you’re grabbing Logic Pro content packages).

directories garage band 10

11. Open this directory and you should see an overly large one, in the example this is called “com.apple.MusicApps”. Open this.

directories music apps

12. Inside this there will be a directory called “audiocontentdownload.apple.com”. Open this (nearly there…)

directories audio content download

13. Inside this last directory is another called (in the example’s case) “lp10_ms3_content_2013″. Open this.

last directory

14. And hey presto! There are your content packages, all neat and ready to be pushed out.

all content packages

15. Organise it by size (or type) and grab all them all (14 in this case)!

organise by type


Now I have to be honest and say that I did not figure this out myself but rather by ‘standing on the shoulders of giants’. I found the information around a year or two ago and for the life of me, I cannot remember exactly where. Other than it was either:

So if anyone finds out whereabouts it’s mentioned, please comment below and I’ll update the blog.


I hope this help anyone else who has to push out content packages to find and grab these as needed. This has worked for me for Mavericks and Yosemite so looks good so far!

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.

While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

Best practices in 2015: Managing settings in Mac OS X & iOS

To continue our best practices series for 2015, this time around I’d like to describe the methods for settings management.

This is focusing on the central management of settings for the Mac OS such as the login window layout, and for installed applications such as Microsoft Word or GarageBand although also includes iOS.

Why manage settings?

For some people reading this, you may wonder why you need to manage device settings at all. There are scenarios where you might not want to do this. If you are working on your own and are using a Mac, any settings you configure would be applied directly to the OS via System Preferences, etc., or within the preferences screens of the apps you use.

If you are responsible for multiple devices, from 3-4 to thousands, you will be interested (albeit from differing perspectives) in controlling certain settings from a single administrative point.

In an education scenario, there are often labs of shared computers that have lots of different people logging in. As the classes are time constrained, it is important that each new user logging in is able to launch the application relevant to their lesson with the minimum of steps.

You don’t want the user to launch Microsoft Word and have it present them with a series of questions about joining customer improvement programs and whether or not to automatically update. You just want to load the app so they can get to work. To achieve this, you need a way to manage the settings.

In a business scenario, device deployments are generally one-to-one so refining the individual app settings can be less important. You may, however, want to ensure that certain security settings are enabled, and stay enabled. Enforcing options such as GateKeeper, FileVault, and screensaver passwords and making sure that users either can’t switch them off is important.

What methods should you use to manage settings?

To configure most of the settings in Mac OS X, there are two core techniques, shell command / scripts and configuration profiles. It can be argued that it shouldn’t matter what technique you use as long as you achieve your goal, but it’s worth noting that most settings will be significantly easier to configure with one or the other.

You may notice that I am not discussing the tools you use to deploy these settings. These will be mentioned a little later on, so for the moment we are focusing on the underlying core techniques.

Why aren’t we including MCX / Workgroup Manager / Open Directory in this article?

We have been in a bit of a transition period over the past few years from something called MCX to MDM and configuration profiles. If you visit a school that had Macs installed 3-4 years ago you will typically find an Apple server running Open Directory (which holds the management settings) and Workgroup Manager (an app that lets you configure the settings).

Apple has been pushing the use of configuration profiles since the release of 10.7 (Lion) and has now dropped support for Workgroup Manager so it is safe to say if you are working out how to manage settings in 2015 (or later), you won’t be using Open Directory and its associated tools.

The last reason is the lack of iOS support. It is becoming increasingly important to control the settings for all Apple devices, which is the key reason Apple have replaced Workgroup Manager with Profile Manager.

Features you need to include when implementing your management system

There are a few features you need to think about including when you are looking to manage settings on your Apple devices.

  • Ability to switch them on and off - You will want the ability to switch these settings on, but you should try to pick a mechanism that will allow you to switch them back off should you need to
  • An ability to push the settings at any point - Where possible, pick a method that allows you to push the settings, not just at the point of initial configuration, but to already deployed devices
  • An ability to adjust the settings after deployment - You may need to adjust the settings once they have been deployed so try and make sure the method you are using can do this
  • An ability to exclude the devices from the scope - You will likely deploy the settings to groups of devices. Make sure you have the ability exclude devices from the scope (and thereby remove the settings) should it be needed
  • An ability to check the success / failure status - You will need to know that your settings have been successfully deployed, or re-deploy if there is an error with some devices.

It’s not always possible to include all of these features with some types of settings but on the whole if you can tick all of these boxes it will be useful later on.

Manage settings with terminal commands

One very popular method to control Mac OS X settings is to use terminal commands. There are lots of examples in the previous blog post “Creating your first boot script”. You can either run individual commands or (as in the first boot example) group a collection of commands into a shell script and push it to your clients. Reversing or adjusting the settings post-deployment would be a case of pushing the altered scripts to the necessary machines.

There are, of course, a few drawbacks with this approach:

  • This is for Mac OS X only
  • In many cases, this is a harder skill to learn (compared to GUI configuration profile tools)

A note about preference caching in OS X

Some of you will have heard of preference caching in OS X. This feature, introduced in newer OS X releases, caches settings stored in preference files. This can interfere with tools that edit preference files directly like the defaults command.

This being said, there are lots of terminal commands that are still very useful, and difficult to replace with other methods, such as enabling Apple Remote Desktop, sysadminctl to create user accounts and systemsetup to set NTP server details.

Getting your terminal commands & scripts deployed

Once you have the commands written into a script, you will need a way to deploy them. Depending on the site, we normally use either the Casper Suite from JAMF Software, which can trigger scripts at login, logout, start-up, recurring check-ins (to name a few), or we use payload free packages (Apple installer packages that run a pre or post install script). With a payload free package you can use other tools like Munki or Apple Remote Desktop as a deployment tool.

Configuration Profiles

The second option for managing settings is to use configuration profiles. These are specifically formatted XML files that contain (amongst other things) a settings payload that can control settings in OS X and iOS. Many popular MDM services like Meraki and Casper have the ability to create and deploy configuration profiles using a simple GUI interface.

A nice feature of configuration profiles is the ability to control custom preference settings in OS X. As they are XML files, you can create them in plain text editors, loaded with the settings you need to enforce. In some MDM products, you are able to upload your customised preference files directly from OS X and have them convert into configuration profiles ready to deploy.

Configuration Profiles are also able to avoid the issues experienced by preference caching.

Getting your configuration profiles deployed

When we have created our set of configuration profiles, we again either use Casper’s built-in MDM functionality or the new abilities built-in to Munki to install them.

You can use most MDM services to deploy the profiles, just bear in mind that some simpler services like SimpleMDM and the free version of Meraki don’t support custom profiles.


For anyone tasked with managing groups of Macs, large or small, getting to grips with settings management is a must. If it is something you’re considering, I would recommend either terminal commands or configuration profiles.

If you’re looking at using defaults commands (or similar), see if it’s possible with a custom configuration profile to avoid issues with OS X preference caching.

Revise IT announced as a finalist in Surrey Digital Awards 2015

surrey digital awards finalist

Revise IT has come a long way since we launched a series of free revision apps for Apple techs five years ago. Therefore, we are delighted to announce that Revise IT is a finalist in Mobile App Category at the Surrey Digital Awards 2015!

What are The Surrey Digital Awards?

The awards were have been created to “reward innovation and progressive thinking by businesses across the county…” and to provide a “showcase for the hard work of those companies who have embraced online technology.”

Revise IT’s Story

Richard Mallion, our CTO and brains behind the Revise IT app, first came up with the idea when he moved on from writing printer drivers for Mac OS 6 and into development. Once Apple released the SDK, the idea to develop apps for iPhones really grabbed Richard’s attention.

What started out as a hobby, quickly developed into creating apps with a purpose; supporting Amsys and the Mac community. And that’s when the initial revision apps were born.

Consequently, as Richard skills and understanding of iOS development advanced we were able to create our range of now phenomenally popular iOS app development courses!

Revise IT’s Feedback

During its lifetime, Revise IT has received some amazing feedback from the community as well from a number of Apple training companies. As Revise IT was one of the first apps of its kind on the market, it subsequently received a lot of exposure. Both Mac User and Mac World featured Revise IT in their magazines, and it made it to the top 10 on the education list in the App Store.

To date, the App has had around 100,000 downloads!

Revise IT’s Yosemite Update!

When we released 10.9 last year, we were blown away by 18,000 users updating the app almost immediately. For those of you eagerly waiting for 10.10, you’ll be pleased to hear that we’ve just submitted version 10.10 to the App Store. We’re expecting Support and Server Essentials to appear sometime in Feb – Tweet @amsysuk to get an update!

Revise IT’s Future

Last year we included a number of new features, including the ability to share your results on social media platforms along with a new interface for iOS 7. This year, Richard is planning on giving Revise IT a bit of a well-deserved face lift.

Thank You

The awards ceremony is taking place in Surrey on 5th March 2015. And we would just like to thank everyone who has downloaded Revise IT and to the Apple community as a whole as Revise IT wouldn’t exist without you!

Download Revise IT for free here.

Firefox 34 and newer CCK2 lockdown detection Casper Extension Attributes

Hey again!

As mentioned in my previous blog, with version 34 and 35 of Firefox, Mozilla changed the locations for the lock-down files. As a result, my previous Casper Extension Attribute would not correctly detect that the lock-downs are installed for these versions of Firefox.

So I got off my backside and re-wrote it!

Extension Attribute Configuration

The EA configuration is the same as the previous blog , and this should be used.

Extension Attribute Script

Here’s the new script:

firefox 34 extension atrribute configuration

This now breaks down as:

Line 1                         The shebang. Lets the device know it’s a bash script

Lines 4 and 5         The two possible locations for the lock down files

Lines 8 and 9         This section grabs the version number (CFBundleShortVersionString) and strips out all except the first number before the dot.

Line 12                      This runs an ‘if’ statement asking if the number grabbed from lines 8 and 9 above is less than 34

Lines 14 to 17         This echos out the version found, then sets the items to check to the ‘old’ location (e.g. “MacOS”)

Line 18                      If the ‘if’ statement from line 12 is false, another statement runs asking if the number is equal to 34.

Lines 20 to 23       This echos out the version found, then sets the items to check to the ‘old’ location (e.g. “MacOS”) for all except the autoconfig file, which is in the ‘new’ location (e.g. “Resources”)

Line 18                      If the ‘if’ statements from line 12 and line 18 are false, another statement runs asking if the number is greater than 34.

Lines 20 to 23       This echos out the version found, then sets the items to check to the ‘new’ location (e.g. “Resources”).

Line 30                     Close the “if” statement

Line 33                     This runs a multi-input “if” statement. The use of the double pipes (“||”) denotes “or”. If you swapped these for double ampersands (“&&”) is would denote “and”.  So this line says “(if directory ‘$distDir’ does NOT exist) or (if file ‘$overrideFile’ does NOT exist) or (if file ‘$autoconfigFile’ does NOT Exist), do then section between “then” and “else”.

Line 36                     Echo into the Casper EA the word “No”. Essentially if any of those items are missing, then at least part of the customisations are missing and the whole lot should be reinstalled.

Line 39                     Echo into the Casper EA the word “Yes”. If none of those items are missing, then the customisations should be in place and working fine.

Line 40                     Close the “if” statement

Line 42                     Exit the script


Again, this is identical to my previous blog on this subject.

The only ‘gotcha’ is because of the varying locations; you will need have multiple lock-down installer packages and scope them to devices that are:

a)    Missing the CCK 2 lockdowns

b)    Have Firefox version

  1. 34 for the v34 lockdown package
  2. 35 for the v35 lockdown package
  3. etc


There you go. I hope it continues to help someone out and saves you some time. As before, attached to this blog is an export of the EA. You can download this, upload it to your JSS and tweak it as desired.

As always, if you have any questions, queries or comments, let us know below and I’ll try to respond to and delve into as many as I can.


While the author has taken care to provide our readers with accurate information, please use your discretion before acting upon information based on the blog post. Amsys will not compensate you in any way whatsoever if you ever happen to suffer a loss/inconvenience/damage because of/while making use of information in this blog.

The technical interview 101 – Part 1

I wanted to write down some thoughts and experiences with interviewing from both the interviewee and the interviewer perspective, which I will be sharing with you over the next few weeks.

Part 1

We should start with the Interviewer finding the right Candidate(s).

A good interview technique will not turn a BAD candidate into a GOOD one!

As the hiring manager, you should be in complete control over who enters the interview process. I wouldn’t advise leaving this to HR or another colleague to decide. I have always found that the more involved the hiring manager is, the better the quality of candidates.

Your ability to conduct a great interview will make it easy to find the skills that the candidate already possesses, but it will not inject skills that aren’t there.

Today I will share the 3 basic considerations that can improve the quality of candidates to interview.

1.    The Job Posting

The best job postings read like an actual human being wrote them. Not jargon-filled nonsense, with more oxymorons and hyperbole than a Daily Mail editorial.

Your job posting should include the spirit of your organization while expressing the personality of you – the hiring manager. A lot of people struggle to understand that this is your sales pitch to your perfect candidate.

A generic, “HR-speak” filled advert normally attracts generic candidate… BUT a Creative, Passionate and Smart advert will generate Creative, Passionate and Smart candidates.

the technical job advert

2. It’s all about your brand.

Have you seen Glassdoor.com?  This is a site that strikes the fear of god into most HR departments.

Here, employees have the chance to anonymously rate and review their past and current employers. We should all be encouraging our employees to use this site! What a fantastic way to gain a real insight to your employees.

Yes, there will be negatives, even if you gave your employees free Haribo and had Puppy Wednesdays. Of course, there would be someone who hates Puppies and Haribo (strange people)!

But this gives the potential candidate(s) a fantastic insight into your business through your current employees, and will only make your business stronger. Plus, the candidates that you then interview, will already feel like a small part of your business. There’s no point in deceiving candidates if internal issue(s) exist as they won’t stay, and that’s a costly hiring technique.

3. Do the legwork

Hiring is a costly and long process that most managers would rather pass onto somebody else. However, you are the key to your own success!

For this reason, work closely with your recruiter. Notice that I said recruiter and not multiple recruiters!

It may seem like a good idea to pass the job to 5 agencies in order to stand a better chance of finding that perfect candidate. When, in fact, it’s actually the opposite as you’re watering down your offering. You and your recruiter should have a symbiotic relationship.

You will have networks and connections that they don’t, and vice versa. Use the hiring process to develop a good relationship with your recruiter or HR department, which will make processes run smoothly while working with them.

The Interview

So, you have your 2, 3, 5 or 20 candidates to interview, all arranged and ready to go.

Now you and your co-interviewers’ task is to use that 60-minute window with the candidate in the most productive way possible. An hour is not a lot of time to decide on your company’s and the candidates’ fate. But it should be enough to get 80% of the way there. After all, hiring people is always going to be 10-20% luck.

I once read somewhere that the best interview format is 5 mins, 25 mins, 25 mins,5 mins with a 5 min buffer.

  • 5 minute warm up
  • 2/4 big questions or problems (25/12 minutes each)
  • 5 minute wrap up

An uncomfortable or defensive candidate will never show their true potential, and an uncomfortable interviewer will never ask the right questions.

Be nice!

An obvious gesture I know, but you would be surprised how few take on board this tactic.

For instance, say the servers have just fallen over, or your C.E.O has just berated you due to your department’s overspend. DO NOT TAKE THAT INTO THE INTERVIEW WITH YOU!

It’s not the candidates fault that you’re having a bad day; they could be the answer to your problems!

You could choose to take a confrontational edge as the interview progresses, but you will never recover a candidate if they are uncomfortable or defensive from the start.

Ask them about their journey, and then move on to a question about their CV. Alternatively, ask them to choose what they think is the best thing from their CV and get them to describe it to you. This is your chance to help them dominate the conversation and to get them pumped

A great interview is a great collaboration

If the job involves spending time with a team and collaborating together. Then it’s important that the interview is also a collaborative process.

An amazing developer that can only work at home on their own is always going to be less valuable to a business in the long run than a good developer who adds value to the entire team. One of my favorite poems was from my days in the army. My huge, angry and aggressive training corporal readout the following John Donne’s poem to us while we were in the water tank at Lympstone.

water tank at lympstoneNo man is an island,
Entire of itself,
Every man is a piece of the continent,
A part of the main.
If a clod be washed away by the sea,
Europe is the less.
As well as if a promontory were.
As well as if a manor of thy friends
Or of thine own were:
Any man’s death diminishes me,
Because I am involved in mankind,
And therefore never send to know for whom the bell tolls;
It tolls for thee.

Being smart is not enough to build a successful team. 

The candidate has to be comfortable communicating their intellect, skill and knowledge to others by being able to take criticism on board and exchange ideas. Not by forcing colleagues in the direction that they perceive to be right.

The problems and questions you pose should include something about how the candidate will be WORKING WITH YOU on a particular project

E.g. “I need to reorganize the internal IT department, and I want to put you in charge. How would you start?”

It’s important that you act as a guide and to collaborate, but do so from a distance. Answer their questions (it’s a great sign if they ask great questions). But only help them to clarify assumptions. DO NOT answer the questions for them unless they are completely stuck or off-topic and need a little nudge to move on.

interview techniques

Know when to Shut IT

It can sometimes be irresistible to spend the 60 minutes talking, after all, you have a captive audience. I could easily talk at someone for 60 minutes, without even noticing. THE MORE TIME YOU SPEND TALKING, THE LESS TIME THEY SPEND DEMONSTRATING THEIR TALENT!

It’s OK to be chatty and tell stories, just have a reason for it.

Keep Notes

There’s no point in starting the interview process if you’re not clear on what you’re looking for.

I would suggest creating an ordered list of the traits you require. They should be in 2 sections.

  1. How they will fit into the Team/Organization – it would be great if you had input from your existing team.
  2. How they will fit into the role in order to succeed.

You should think of yourself as an integrator (a friendly one, let’s say “good cop”). Who is trying to create problems and questions that discover whether the desired skills/talent/traits exists.

Even if hidden, you will find out in that hour.

In my opinion, this is the only attitude that will maximize your chances in making that perfect hire. You do not need to be confrontational or give a tough interview to achieve this – the opposite, in fact. It should be the quality of your questions and your attitude that makes an interview tough.

In the next part, I will go into:

  • Interview questions
  • Concluding the interview
  • The feedback process